This affects MS Office SP3 2000, 2002, 2003 and MS Office 2004 Mac. An attacker can gain access to the user rights of systems running Microsoft Office Mac 2004 using specially crafted content in a PowerPoint document. This can be accomplished by sending the file to a unsuspecting user or downloading it from a site. The attacker can behave as the compromised user.

Again, user education is key to preventing this kind of attack. Only open documents from trusted sources, use MOICE (Windows OS) and do not open earlier versions of MS Office files. Since Office files are .ZIP files containing meta and content data it is important that trust policies be reiterated to users, namely if an Office document comes from an unknown source do not open it. This is also true of ICal files, mail, QT, etc. Never perform task such as email, office activities or web surfing as a system administrator or root. 

No updates at this time, see MS reference article attached for mitigation options.

Update on Wednesday, May 13, 2009 at 08:22PM by drStrangeP0rk

Microsoft has posted an update related to Windows versions of Office but has not updated versions related to Mac Office as of today. The Mac version has not been found by them in the wild.

http://www.microsoft.com/technet/security/bulletin/MS09-017.mspx

Charlie Miller, a security researcher, used an exploit that he had discovered and perfected last year. If a user clicks on a malicious URL, an attacker can gain access and exploit the users machine, I have not found out if the attack is root or user sand boxed. Luckily this information will be shared with Apple but it addresses a very important point. Macintosh's can be exploited by drive by web attacks, we have also seen this with QuickTime, ICal, Acrobat etc. First up no user should be operating as the administrator when performing user level task including web surfing, email, word processing, etc.  

Make sure policies and procedures about visiting web sites are reviewed and users are not lured into a false sense of security. Education of users and strict policies about administrators and root activity are very important in defending against these kinds of attacks. Network administrators should also update their white and black list of sites (This is always good to reveiw) and review application level proxies, especially at the network boundaries. As with any network, egress filtering of traffic is very important to securing your Macintosh infrastructure. Knowing what is going out is as important to knowing what is coming in. 

Hey baby, it's Unix the beast }:-> 

Update on Thursday, March 19, 2009 at 07:46PM by drStrangeP0rk

Research Nils has claimed the trifecta, attacking IE 8 and gaining full control of a machine running Windows 7 and a zero-day flaw in Firefox.

Excellent work. }:->

Update on Wednesday, April 1, 2009 at 08:32AM by drStrangeP0rk

Firefox 3.0.8 update fixes the flaws in Pwn2Own and Zero Day Flaws, including XSL transformtion vulnerability and XUL tree element code execution. The XUL was used in the Pwn2Own contest. 

Security Advisories for Firefox 3.0