IT security firm Sophos is warning computer users to be extra cautious when opening unsolicited files as reports circulate of a newly discovered vulnerability in Microsoft PowerPoint. The unpatched flaw is believed to allow hackers to run malicious code, such as a worm, on both Windows and Mac computers.
The vulnerability is believed to affect Microsoft PowerPoint 2000, Microsoft PowerPoint 2002, Microsoft Office PowerPoint 2003, Microsoft PowerPoint 2004 for Mac and Microsoft PowerPoint v. X for Mac.
“It’s been a bad few weeks for Microsoft on the security front. First they have to deal with a day zero vulnerability in the way their products handle Vector Markup Language, next they discover yet another problem with PowerPoint files,” said Graham Cluley, senior technology consultant for Sophos. “Hackers are showing increasing ingenuity in their attempts to break into innocent users’ computers, so are always on the hunt for exploitable bugs in commonly-used programs. PowerPoint is the standard business tool for presentations, underlining that all computer users need to be show great caution when handling unsolicited email attachments.”
This isn’t the first time a day zero vulnerability has been discovered in Microsoft PowerPoint. In a similar incident in July 2006, Chinese hackers exploited a different PowerPoint flaw in order to install a keylogging Trojan horse.