PowerPoint users warned of flaw

Share this article:

A new unpatched vulnerability in Microsoft PowerPoint that could allow attackers to execute arbitrary code was reported over the weekend.

Trend Micro late last week began receiving samples for a trojan - dubbed TROJ_MDROPPER.BH - that exploits the flaw. The anti-virus vendor rated the malware's risk rating "low" with a "medium" damage potential.

According to a Trend Micro advisory, the trojan arrives as a PowerPoint file after either being downloaded by an unsuspecting user or dropped by other malware. Once the vulnerability is exploited, the trojan drops randomly named malicious executable files into the system's Windows temporary folder.

Microsoft officials have yet to comment about the vulnerability, which was not patched in the most recent Aug. 8 security update.

The Redmond, Wash., firm did send out an advisory on flaws in Microsoft Office last week.

According to the SecuriTeam blog, which published a FAQ about the flaw, all of the latest Windows versions are affected.

In lieu of a patch, users should ensure their anti-virus software is up to date, experts said.

Share this article:

Sign up to our newsletters

More in News

POS malware risks millions of payment cards for Michaels, Aaron Brothers shoppers

POS malware risks millions of payment cards for ...

An investigation dating back to January has finally confirmed that malware on point-of-sale systems may have compromised payment card data for millions of Michaels Stores and Aaron Brothers customers.

Phishing scam targets Michigan public schools

Unknown attackers used the finance director's email account to request wire transfers from the school district's accounting department.

Contempt order against Lavabit still stands, appeals court rules

Contempt order against Lavabit still stands, appeals court ...

A federal appeals court backed an earlier ruling penalizing the email service.