Attackers Let Loose More PowerPoint Exploit Code
The Cupertino, Calif. security vendor's researchers weren't certain whether the three exploits were distinct, or even if they attacked new vulnerabilities rather than the zero-day bug discovered last week.
But it was able to use two of the specially-created PowerPoint exploit documents to trigger crashes on fully-patched PCs. One of the two led to memory corruption, which may indicate that it could be used to introduce other attack code remotely.
"If these issues are in fact distinct and exploitable, there exist four unpatched vulnerabilities with exploits available in private and/or public," Symantec said in an alert to customers of its DeepSight warning system.
Friday, Microsoft reaffirmed that PowerPoint had at least one unpatched vulnerability by posting an entry to its Security Response Center (MSRC) blog. There, program manager Stephen Toulouse said that the group had added detection for the malware dropped by the malformed PowerPoint document to the Windows Live Safety Center, a free Web-based site that sniffs out and destroys known viruses, worms, and Trojan horses.
"We've kept the Office team engaged on a state of high alert over the past couple of months for vulnerabilities relating to Office," Toulouse added in the blog, and said the team was shooting for a Monday morning release of a security advisory to outline the issue and offer up workarounds.
Office's recent security troubles started in May when an attack using an unpatched Microsoft Word vulnerability was disclosed. Symantec, meanwhile, continued to advise users to filter PowerPoint documents at the e-mail gateway. "[We also] suggest extreme caution when handling the files," the alert read.