Powerpoint, yet another new vulnerability

Powerpoint, yet another new vulnerability
Microsoft confirms yet another powerpoint vulnerability that leads to code execution. References Security Advisory 925984 CVE-2006-4694 avertlabs blog Detection McAfee has a writeup of the exploit they detected against this vulnerability to connect back to http:// mylostlove1 .6600 .org/[CENSORED] but variants of this will most likely connect to other places. Affected It seems all supported versions of Office are affected. It's interesting to note that Microsoft also lists the Apple versions of Office as vulnerable. Delivery vectors are basically all means to get the file to you, including web, email, thumb drives, CDs, ... Defenses Do not to open ... but we all know how easy it is to social engineer people into opening things anyway. Use the PowerPoint Viewer 2003 (nah, not an option if you have a Mac). Filter and/or quarantine powerpoint files in the perimeter (prevent powerpoint email attachments and getting powerpoint files on the web), but it's not easy as it has genuine uses and it has the potential of not needed the ".ppt" file extention. Keep antivirus signatures up to date. Keep an eye out for a patch from Microsoft. ... If you do run into a sample we're interested in obtaining one (to add to our collection ;-) ) -- Swa Frantzen -- Section 66	Swa 760 Posts
Subscribe	Sep 28th 2006 1 decade ago