PowerPoint users warned of flaw

Share this article:

A new unpatched vulnerability in Microsoft PowerPoint that could allow attackers to execute arbitrary code was reported over the weekend.

Trend Micro late last week began receiving samples for a trojan - dubbed TROJ_MDROPPER.BH - that exploits the flaw. The anti-virus vendor rated the malware's risk rating "low" with a "medium" damage potential.

According to a Trend Micro advisory, the trojan arrives as a PowerPoint file after either being downloaded by an unsuspecting user or dropped by other malware. Once the vulnerability is exploited, the trojan drops randomly named malicious executable files into the system's Windows temporary folder.

Microsoft officials have yet to comment about the vulnerability, which was not patched in the most recent Aug. 8 security update.

The Redmond, Wash., firm did send out an advisory on flaws in Microsoft Office last week.

According to the SecuriTeam blog, which published a FAQ about the flaw, all of the latest Windows versions are affected.

In lieu of a patch, users should ensure their anti-virus software is up to date, experts said.

Share this article:

Sign up to our newsletters

More in News

AOL Mail hack furthers spam campaign using spoofed accounts

AOL confirmed on Monday that it was aware of the issue and working to remediate the situation.

Backdoors in Wi-Fi routers, said to be closed, can be reopened

Backdoors in Wi-Fi routers, said to be closed, ...

Although said to be patched, researcher Eloi Vanderbeken discovered during the Easter holiday that backdoors existing in certain wireless routers can be reactivated.

Apple ships Mac OS X updates, fixes several code execution bugs

Apple ships Mac OS X updates, fixes several ...

Among the addressed vulnerabilities, was a bug affecting WindowServer, which could allow an attacker to execute malicious code outside the sandbox.