Powerpoint, yet another new vulnerability
Microsoft confirms yet another powerpoint vulnerability that leads to code execution.
Delivery vectors are basically all means to get the file to you, including web, email, thumb drives, CDs, ...
--
Swa Frantzen -- Section 66
0 comment(s)
References
Detection
McAfee has a writeup of the exploit they detected against this vulnerability to connect back to http:// mylostlove1 .6600 .org/[CENSORED] but variants of this will most likely connect to other places.Affected
It seems all supported versions of Office are affected. It's interesting to note that Microsoft also lists the Apple versions of Office as vulnerable.Delivery vectors are basically all means to get the file to you, including web, email, thumb drives, CDs, ...
Defenses
- Do not to open ... but we all know how easy it is to social engineer people into opening things anyway.
- Use the PowerPoint Viewer 2003 (nah, not an option if you have a Mac).
- Filter and/or quarantine powerpoint files in the perimeter (prevent powerpoint email attachments and getting powerpoint files on the web), but it's not easy as it has genuine uses and it has the potential of not needed the ".ppt" file extention.
- Keep antivirus signatures up to date.
- Keep an eye out for a patch from Microsoft.
- ...
--
Swa Frantzen -- Section 66
×
Diary Archives
Comments