Exploit Exposes PowerPoint Zero-Day Vulnerability


By Gregg Keizer, ChannelWeb

12:54 PM EDT Fri. Oct. 13, 2006
Just days after Microsoft issued a record 26 patches, including 16 for Office, Symantec confirmed on Friday that just-released exploit code attacks a new zero-day vulnerability in the PowerPoint presentation software.

The exploit, which was posted to "milw0rm," a site that hosts an exploit database, successfully attacks PowerPoint 2003, even when the application has been fully patched, including the 4 fixes released Tuesday.

According to Symantec's alert, the exploit triggers a crash of PowerPoint. "It does not appear that the vulnerability can be leveraged to execute code, however the possibility has not been conclusively eliminated," said Symantec to customers of its DeepSight threat system. "[We have] tested the exploit and it is confirmed to work as advertised." Danish vulnerability tracker Secunia rated the threat as "highly critical," its second-highest warning rank.

The exploit can be delivered as a malformed PowerPoint file, Microsoft acknowledged. Microsoft's security team said Thursday that it was aware of the publicly posted code and was investigating.

"We are not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time," wrote Alexandra Huft, a security program manager with the Microsoft Security Response Center, on the group's blog. "As part of our investigation, we are working with our MSRA [Microsoft Security Response Alliance] partners to monitor and secure the ecosystem."

Microsoft Office's applications have been patched repeatedly in 2006, with 44 vulnerabilities fixed in the suite so far this year. Eight of the 44 have specifically involved PowerPoint.

 