[MacTUG] Microsoft Office 2004 vulnerability may affect Macs

[Marlon A. Griffith]

Microsoft Office 2004 vulnerability may affect Macs


Microsoft, in a recently published Microsoft TechNet security advisory,  is alerting customers to a newly found vulnerability within its Office suite of productivity applications--specifically PowerPoint. The problems are related to Microsoft's PowerPoint 2000, 2002, and 2003 (Service Pack 3), as well as PowerPoint in Microsoft Office 2004 for Mac.


>From Microsoft TechNet:

   "Microsoft is investigating new reports of a vulnerability in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file."

The PowerPoint file in question, if executed as intended, could spark any number of malicious actions including gaining user rights (including administrator rights) to the user's computer.

>From Microsoft TechNet:

   "The vulnerability is caused when Microsoft Office PowerPoint accesses an invalid object in memory when parsing a specially crafted PowerPoint file. This creates a condition that allows the attacker to execute arbitrary code."

To stay protected
The PowerPoint file is not spread automatically through e-mail or any other method. The file depends on social engineering to coax people into visiting a Web site to download the file or viewing the file as an e-mail attachment or Instant Messenger file transfer. For now, only open PowerPoint documents from people you know and Web sites you trust. Microsoft is investigating the scope of this issue and we expect it will release a security update to repair the exploit.

Resources
Read the entire Microsoft TechNet security advisory regarding the PowerPoint vulnerability.

Thanks to MacFixIt user Cal Lawton for emailing us about this issue.

http://www.macfixit.com/article.php?story=20090407085447971