Microsoft Office PowerPoint Remote Code Execution
Friday, April 3, 2009 at 03:21PM
drStrangeP0rk

This affects MS Office SP3 2000, 2002, 2003 and MS Office 2004 Mac. Using specially crafted content in a PowerPoint document, an attacker can gain the user rights on systems running Microsoft Office Mac 2004. The file can be delivered by sending it to an unsuspecting user or by having it downloaded from a site. The attacker can then act as the compromised user.

Again, user education is key to preventing this kind of attack. Only open documents from trusted sources, use MOICE (Windows OS), and do not open earlier versions of MS Office files. Since Office files are .ZIP files containing meta and content data, it is important that trust policies be reiterated to users: if an Office document comes from an unknown source, do not open it. This is also true of iCal files, mail, QT, etc. Never perform tasks such as email, office activities or web surfing as a system administrator or root.
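
A mail gateway or download filter can apply the "do not open earlier versions of MS Office files" rule by file content instead of by extension. The following is an added example, not part of the original article; the function names, the hold/deliver policy and the sample files are constructed assumptions. It relies on Office 97-2003 binary files starting with the OLE compound-file signature, while Office 2007 and later files are ZIP containers.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE compound file (Office 97-2003 binary)
ZIP_MAGIC = b"PK\x03\x04"                       # ZIP local file header (Office 2007+)

def classify_office_file(data: bytes) -> str:
    """Classify a file by its content, ignoring whatever extension it carries."""
    if data.startswith(OLE_MAGIC):
        return "legacy-binary"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            return "unknown"              # claims to be ZIP but does not parse
        if "[Content_Types].xml" not in names:
            return "zip-not-office"       # plain archive, not an Office package
        if any(n.startswith("ppt/") for n in names):
            return "openxml-powerpoint"
        return "openxml-other"
    return "unknown"

def triage(filename: str, data: bytes):
    """Hypothetical policy: hold earlier-format and unparseable files for review."""
    kind = classify_office_file(data)
    action = "hold" if kind in ("legacy-binary", "unknown") else "deliver"
    return kind, action

def build_sample_pptx() -> bytes:
    """Constructed sample: a minimal ZIP with the part names of a .pptx package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("ppt/presentation.xml", "<presentation/>")
    return buf.getvalue()

# Constructed sample: OLE signature followed by padding, named as if it were new-format.
SAMPLE_LEGACY = OLE_MAGIC + bytes(504)

if __name__ == "__main__":
    for name, blob in [("slides.pptx", SAMPLE_LEGACY),
                       ("deck.pptx", build_sample_pptx()),
                       ("notes.ppt", b"PK\x03\x04 truncated")]:
        print(name, *triage(name, blob))
```

Password-protected Open XML files are also wrapped in an OLE compound file, so this check holds them along with the earlier binary formats.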

No updates at this time, see MS reference article attached for mitigation options.

Update on Wednesday, May 13, 2009 at 08:22PM by drStrangeP0rk

Microsoft has posted an update related to Windows versions of Office but has not updated versions related to Mac Office as of today. The Mac version has not been found by them in the wild.

http://www.microsoft.com/technet/security/bulletin/MS09-017.mspx

Article originally appeared on magmatic.com (http://www.magmatic.com/).
See website for complete article licensing information.