A limited attack attempted to compromise systems using a previously unknown flaw in PowerPoint, Microsoft and others said on Friday.

The attack, dubbed Trojan.PPDropper.B by security firm Symantec, is contained in a Chinese PowerPoint file. The remote code execution vulnerability is currently being investigated by Microsoft.

"Microsoft is aware of extremely limited, targeted attacks exploiting this vulnerability," the company said in a statement sent to SecurityFocus. "In order for this attack to be carried out, a user must first open a malicious PowerPoint document that is sent as an email attachment, posted to a website or otherwise provided to them by an attacker."

Microsoft added that more recent versions of PowerPoint will issue a warning if the attachment is opened from e-mail. SecurityFocus is owned by Symantec.

The PowerPoint attack marks the third time in two months that a previously unknown, or zero-day, exploit has been used to compromise corporate systems running Microsoft Office. Last month, security firms reported that a previously unknown flaw in Excel had been used by attackers to compromise a limited number of systems. And, in May, some companies discovered a malicious program using a flaw in Word to compromise systems.

The exploits appear to be related to a string of targeted Trojan horse attacks that come from systems in China. A year ago, the national computer emergency response teams in the United Kingdom, Canada and Australia all warned of targeted attacks hitting organizations in those countries. While the U.S. organization, US-CERT, did not issue an alert, antivirus companies acknowledged that low-volume e-mail attacks had targeted U.S. companies and government agencies.




securityfocus.com