Microsoft Warns About PowerPoint Vulnerability
Just got a new PowerPoint file on your email and you’re eager to open it? Well, think again, as it might infect your computer.
April 6, 2009
According to the Redmond company, the flaw affects the following versions: 2000 SP3, 2002 SP3, and 2003 SP3, as well as Microsoft Office 2004 for Mac. Office 2007 is not affected.
The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.
In a Web-based attack scenario, an attacker would have to host a Web site that contains an Office file that is used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability.
For the time being, Microsoft advises users to rely on the following workarounds so they wouldn’t be affected:
- Do not open or save Office files that you receive from un-trusted sources or that are received unexpectedly from trusted sources.
- Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or untrusted sources
- Use Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations