PowerPoint users warned of flaw

Share this article:

A new unpatched vulnerability in Microsoft PowerPoint that could allow attackers to execute arbitrary code was reported over the weekend.

Trend Micro late last week began receiving samples for a trojan - dubbed TROJ_MDROPPER.BH - that exploits the flaw. The anti-virus vendor rated the malware's risk rating "low" with a "medium" damage potential.

According to a Trend Micro advisory, the trojan arrives as a PowerPoint file after either being downloaded by an unsuspecting user or dropped by other malware. Once the vulnerability is exploited, the trojan drops randomly named malicious executable files into the system's Windows temporary folder.

Microsoft officials have yet to comment about the vulnerability, which was not patched in the most recent Aug. 8 security update.

The Redmond, Wash., firm did send out an advisory on flaws in Microsoft Office last week.

According to the SecuriTeam blog, which published a FAQ about the flaw, all of the latest Windows versions are affected.

In lieu of a patch, users should ensure their anti-virus software is up to date, experts said.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Home Depot: breach risks 56M payment cards, 'unique' malware used

Home Depot confirmed that approximately 56 million payment cards may have been compromised as result of a malware attack.

Gartner: 75 percent of mobile apps will fail security tests through end ...

As BYOD and mobile computing become more critical to business, app downloads will raise security risks.

eBay addresses XSS issue affecting auction page visitors

Due to the flaw, iPhone bidders were vulnerable to being redirected to a phishing page.