New proof-of-concept code targeting an unpatched vulnerability in Microsoft Office 2003 PowerPoint has become publicly available.
The new vulnerability was rated as "highly critical" by security firm Secunia, which described the flaw as being caused by an "unspecified error when processing PowerPoint presentations”.
A Microsoft Security Response Center blog posting said the company is aware of the proof-of-concept code. "The reported proof-of-concept may allow an attacker to execute code on a user's machine by convincing them to open a specially crafted PowerPoint file," the blog post said. It went on to note that Microsoft is monitoring the situation and is not aware of any actual attacks attempting to take advantage of the flaw.
Ken Dunham, director of the rapid response team at Versign's iDefense business unit, said attacks against the flaw are "increasingly likely" with the availability of public exploit code.
Attacks to date against PowerPoint and Office based vulnerabilities have been "highly targeted and sophisticated" he said.
Reports of the new flaw comes just three days after Microsoft rolled out patches for more than two dozen vulnerabilities in one of its largest-ever monthly security updates. Sixteen of the flaws patched this week were discovered in application software products. Exploits against many of those flaws - including one in PowerPoint - were already available before Microsoft's patch.