PowerPoint users warned of flaw

Share this article:

A new unpatched vulnerability in Microsoft PowerPoint that could allow attackers to execute arbitrary code was reported over the weekend.

Trend Micro late last week began receiving samples for a trojan - dubbed TROJ_MDROPPER.BH - that exploits the flaw. The anti-virus vendor rated the malware's risk rating "low" with a "medium" damage potential.

According to a Trend Micro advisory, the trojan arrives as a PowerPoint file after either being downloaded by an unsuspecting user or dropped by other malware. Once the vulnerability is exploited, the trojan drops randomly named malicious executable files into the system's Windows temporary folder.

Microsoft officials have yet to comment about the vulnerability, which was not patched in the most recent Aug. 8 security update.

The Redmond, Wash., firm did send out an advisory on flaws in Microsoft Office last week.

According to the SecuriTeam blog, which published a FAQ about the flaw, all of the latest Windows versions are affected.

In lieu of a patch, users should ensure their anti-virus software is up to date, experts said.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.