Friday, April 3, 2009

Death By Powerpoint: Microsoft Security Advisory 969136

We've all heard the joke about corporate meetings - "Death by PowerPoint". Microsoft's most recent security advisory however should make system administrators running older versions of PowerPoint 2000, 2002, 2003, and Office 2004 for MacOS sit up and take notice. Per the advisory, "Microsoft is investigating new reports of a vulnerability in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file.".

The good news is that newer versions of Office are not vulnerable, and that as usual, this only executes with the rights of the local user, and it requires users to open the PowerPoint file.

This is referenced as CVE-2009-0556, for those who would like to track it.

No comments: