Microsoft has detailed a new remote code execution vulnerability using malicious PowerPoint documents sent as email attachments, which affects nearly all supported releases of Windows.
The vulnerability has only so far been used in limited, targeted, attacks, Microsoft said in a security advisory, but could allow attackers to gain the same rights as the legitimate user if the user opens an affected Microsoft Office file containing an OLE (Object Linking and Embedding) object.
In the attacks Microsoft has so far identified, a User Account Control (UAC) prompt was raised when the user opened the affected document.
"In an email attack scenario, an attacker could exploit the vulnerability by sending a specially-crafted file to the user," Microsoft advised.
"For this attack scenario to be successful, the user must be convinced to open the specially crafted file containing the malicious OLE object. All Microsoft Office file types as well as many other third-party file types could contain a malicious OLE object."
Given the vulnerability would allow an attacker to gain control of the system with the same privileges as the user, users with administrative accounts are more susceptible to damage.
Users with fewer rights will limit the damage the attacker can cause, Microsoft said.
All supported releases of Windows except Server 2003 are affected.
"Files from the internet and from other potentially unsafe locations can contain viruses, worms, or other kinds of malware that can harm your computer," Microsoft stated in its advisory.
"To help protect your computer, files from these potentially unsafe locations are opened in Protected View. By using Protected View, you can read a file and see its contents while reducing the risks. Protected View is enabled by default."
The software giant has released a workaround to stop the PowerPoint attacks until a patch is available, but Microsoft warned it does not address other attacks that could be built to exploit the vulnerability.