ZERO-DAY VULNERABILITY IN POWERPOINT (PPT) THAT MICROSOFT DOESN’T WANT TO FIX

The cybersecurity community is concerned about finding a potential security flaw that would allow a threat actor to manipulate Power Point files to download and install malware on a device with a simple mouse pointer interaction with a hypertext link.

According to reports, this attack requires the target user to accept a pop-up dialog box to run or install a program; While Microsoft does not consider such scenarios as a security vulnerability, multiple experts have a contrary view.

Mandar Satam, a standalone cyber security researcher, ensures that the attack can circumvent a fundamental restriction in PowerPoint, which prevents adding a remote file to the HyperLink action. Satam added that this attack would allow you to manipulate the dialog box to display anything.

The researcher created a proof-of-concept of the attack by abusing Power Point’s Open XML slideshow files, called PPSX. These files were designed only for playback of presentations, so they cannot be edited.

Cyber Security News | Exploit One | Hacking News

Search This Blog

LIKE TIKTOK, LINKEDIN IS SPYING ON WHAT YOU TYPE IN THE PHONE THROUGH THE CLIPBOARD

ZERO-DAY VULNERABILITY IN POWERPOINT (PPT) THAT MICROSOFT DOESN’T WANT TO FIX

Comments

Post a Comment