A vulnerability in Microsoft PowerPoint (Microsoft Security Advisory
922970) can allow attackers to execute malicious code in the context of
the local user. An exploit for this vulnerability is in the wild and is
spreading as an infected PowerPoint file, either through an email
attachment or from a website hosting the malicious code. There is
currently no patch for this vulnerability so please advise campus users
to use caution and open PowerPoint documents only from trusted sources.
This vulnerability highlights one of the risks of using email
attachments for file exchange -- it is difficult to confirm the identity
of the sender as a trusted source. Campus users wishing to move away
from the use of email attachments should consider the WebFiles
(https://webfiles.berkeley.edu) service, a free service to the campus
offering 50MB of online storage and file sharing.
Also, to mitigate the risks associated with this vulnerability, make
sure to update the Symantec definitions to the most recent release using
LiveUpdate. Infected files will be detected by Symantec as
'Trojan.PPDropper.B'.
For more information:
http://www.securityfocus.com/bid/18957/info
http://www.microsoft.com/technet/security/advisory/922970.mspx
-- Allison Henry System and Network Security University of California, Berkeley http://security.berkeley.edu ------------------------------------------------------------------------ The following was automatically added to this message by the list server: For information about Micronet, including subscribing to or unsubscribing from its mailing list and finding out about upcoming meetings, please visit the Micronet Web site: <http://micronet.berkeley.edu/>.Received on Wed Jul 26 16:44:50 2006
This archive was generated by hypermail 2.1.8 : Wed Jul 26 2006 - 16:44:53 PDT