Friday, September 29, 2006 9:20 AM
cmosby
US-CERT Current Activity - Active Exploitation of a Vulnerability in Microsoft PowerPoint
Active Exploitation of a Vulnerability in Microsoft PowerPoint
added September 27, 2006
We are aware of active exploitation of a remote code execution vulnerability in Microsoft PowerPoint. Successful exploitation may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
More information about this vulnerability can be found in the following:
- Vulnerability Note VU#231204- Microsoft PowerPoint contains an unspecified remote code execution vulnerability
- Microsoft Security Advisory 925984
We recommend the following actions to help mitigate the security risks:
- Do not open attachments from unsolicited email messages.
- Install anti-virus software, and keep its virus signature files up-to-date.
- Save and scan any attachments before opening them.
We strongly encourage users not to open unfamiliar or unexpected email attachments, even if sent by a known and trusted source. Users may wish to read Cyber Security Tip ST04-010 for more information on working with email attachments.
We will continue to monitor this issue and provide additional information as it becomes available.
US-CERT Current Activity.
Filed under: Security and Anti-Virus, Patch Management, Microsoft Office