A new unpatched vulnerability in Microsoft PowerPoint that could allow attackers to execute arbitrary code was reported over the weekend.
Trend Micro late last week began receiving samples for a trojan - dubbed TROJ_MDROPPER.BH - that exploits the flaw. The anti-virus vendor rated the malware's risk rating "low" with a "medium" damage potential.
According to a Trend Micro advisory, the trojan arrives as a PowerPoint file after either being downloaded by an unsuspecting user or dropped by other malware. Once the vulnerability is exploited, the trojan drops randomly named malicious executable files into the system's Windows temporary folder.
Microsoft officials have yet to comment about the vulnerability, which was not patched in the most recent Aug. 8 security update.
According to the SecuriTeam blog, which published a FAQ about the flaw, all of the latest Windows versions are affected.
In lieu of a patch, users should ensure their anti-virus software is up to date, experts said.