News of the unpatched PowerPoint vulnerability (via eWeek) comes after a summer-long struggle to contain vulnerabilities in Microsoft Office, the office suite that maintains a venerable monopoly in the market. As with previous PowerPoint exploits, this one uses a rigged PowerPoint file to install a backdoor application. I found some additional information available from Symantec; read that here.
Similarly, another exploit has surfaced for Internet Explorer. This exploit takes advantage of a flaw that was supposedly brought to Microsoft’s attention back in July and apparently remains unpatched. Fortunately, additional information on the IE vulnerability is available; here are some relevant links:
No word yet on any workarounds for this vulnerability or the published exploit.
Finally, in slightly related news…a couple of days ago Microsoft released an out-of-band patch (MS06-055) for the VML vulnerability I mentioned last week. As usual, it’s available via Windows Update, WSUS, and various other distribution mechanisms.