Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
threatpostRyan NaraineTHREATPOST:A7710EFC5AA842A252861C862A3F8318
HistoryApr 02, 2009 - 11:35 p.m.

Microsoft issues PowerPoint zero-day warning

2009-04-0223:35:53
Ryan Naraine
threatpost.com
14

0.974 High

EPSS

Percentile

99.9%

JSON

Microsoft has issued an advisory to warn about an under-attack zero-day vulnerability affecting its PowerPoint software.

According to the pre-patch advisory, the flaw allows remote code execution if a user opens a booby-trapped PowerPoint file. The company described the attacks as “limited and targeted.”

Affected software:

Microsoft Office PowerPoint 2000 Service Pack 3
Microsoft Office PowerPoint 2002 Service Pack 3
Microsoft Office PowerPoint 2003 Service Pack 3
Microsoft Office 2004 for Mac

In the absence of a fix, Microsoft recommends the following workarounds:

  • Do not open or save Office files that you receive from un-trusted sources or that are received unexpectedly from trusted sources.
  • Do not open or save Office files that you receive from un-trusted sources or that are received unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a file.
  • Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or untrusted sources.
    • The Microsoft Office Isolated Conversion Environment (MOICE) will protect Office 2003 installations by more securely opening Word, Excel, and PowerPoint binary format files.
  • Use Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations.

Related

threatpost 162
openvas 3
fireeye 1
thn 6
securelist 5
mskb 5
ics 1
hivepro 2
talosblog 4
malwarebytes 2
carbonblack 2
zdt 1
cert 1
checkpoint_advisories 1
myhack58 1
exploitpack 1
metasploit 1
threatpost
threatpost
Four Zero Days Disclosed in Internet Explorer
2015-07-23 09:14:36
Microsoft Invents New Way To Measure Online Safety (And Finds That Consumers Stink At It)
2011-10-27 21:22:26
Pwn2Own IE Vulnerabilities Missing from Microsoft Patch Tuesday Updates
2013-04-09 19:18:19
openvas
openvas
Microsoft Office 2013 Service Pack 1 Remote Code Execution Vulnerability (KB3162047)
2017-11-15 00:00:00
Microsoft Office 2010 Service Pack 2 Remote Code Execution Vulnerability (KB2553204)
2017-11-15 00:00:00
Microsoft Office 2007 Service Pack 3 Remote Code Execution Vulnerability (KB4011276)
2017-11-15 00:00:00
fireeye
fireeye
Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries
2018-03-16 00:00:00
thn
thn
Multiple Hacker Groups Capitalizing on Ukraine Conflict for Distributing Malware
2022-04-04 11:13:00
Chinese Hackers Targeted Dozens of Industrial Enterprises and Public Institutions
2022-08-09 07:25:00
Hackers Exploit Recently Disclosed Microsoft Office Bug to Backdoor PCs
2017-11-28 23:05:00
securelist
securelist
Spam and phishing in Q3 2019
2019-11-26 10:00:16
Spam and phishing in Q2 2021
2021-08-05 10:00:45
Spam and phishing in Q3 2020
2020-11-12 10:00:54
mskb
mskb
Description of the security update for Office 2010: November 28, 2017
2017-11-14 08:00:00
Description of the security update for Office 2016: November 14, 2017
2017-11-14 08:00:00
Description of the security update for Office 2013: November 14, 2017
2017-11-14 08:00:00
ics
ics
LokiBot Malware
2020-10-24 12:00:00
hivepro
hivepro
Russian threat actor UAC-0056 targets European countries
2022-03-18 08:27:31
Cloud Atlas Exploits Six-Year-Old Flaw to Target Russian Companies
2023-12-28 14:23:55
talosblog
talosblog
RATs and stealers rush through “Heaven’s Gate” with new loader
2019-07-02 15:56:23
Loda RAT Grows Up
2020-02-12 12:08:44
It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign
2019-06-05 00:45:28
malwarebytes
malwarebytes
Microsoft is now disabling Excel 4.0 macros by default
2022-01-25 11:39:20
Microsoft is now disabling Excel 4.0 macros by default
2022-01-24 15:39:51
carbonblack
carbonblack
TAU Threat Intelligence Notification: NanoCore – Old Malware, New Tricks!
2019-03-20 19:14:15
Threat Analysis: Equation Equals Backdoor
2017-11-22 18:50:11
zdt
zdt
Microsoft Office Equation Editor Code Execution Exploit
2017-12-06 00:00:00
cert
cert
Microsoft Office Equation Editor stack buffer overflow
2017-11-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Office Memory Corruption Remote Code Execution (CVE-2017-11882)
2017-11-21 00:00:00
myhack58
myhack58
Wary of the use of the Office vulnerabilities to spread commercial spyware AgentTesla-vulnerability warning-the black bar safety net
2019-05-28 00:00:00
exploitpack
exploitpack
Microsoft Office - OLE Remote Code Execution
2017-11-20 00:00:00
metasploit
metasploit
Microsoft Office CVE-2017-11882
2017-11-21 19:47:02

0.974 High

EPSS

Percentile

99.9%

JSON
Related for THREATPOST:A7710EFC5AA842A252861C862A3F8318
threatpost162openvas3fireeye1thn6securelist5mskb5ics1hivepro2talosblog4malwarebytes2carbonblack2zdt1cert1checkpoint_advisories1myhack581exploitpack1metasploit1