Just a day after Microsoft rushed out the fix for a flaw in the Vector Markup Language implementation in Internet Explorer, it's having to confirm a new zero-day attack on PowerPoint and exploits targeting IT.
The PowerPoint attack relies on an end user opening a malicious file provided through email or other methods. The flaw comes from the way PowerPoint handles malformed documents.
Until it's patched, Microsoft suggests customers use PowerPoint Viewer 2003, which doesn't contain the flaw, to view documents, and not opening documents from untrusted sources.
The Internet Explorer flaw "is caused due to an integer overflow error in the 'setSlice()' method in the 'WebViewFolderIcon' ActiveX control," according to an advisory from the Danish security-information clearinghouse Secunia. "This can be exploited to corrupt memory when visiting a malicious Web site."
To read the original version of this story, visit SearchSecurity.com.