Security researcher Usman Ahzaz Mufti reports that a new attack vector lets an attacker exploit a PowerPoint file so that it downloads and installs malware when the mouse pointer hovers over a link.
An attacker can easily get around the PowerPoint restriction that forbids attaching a deleted file to the “Follow the Hyperlink” action. The attacker can also manipulate the dialogue box that shows the file name so that it presents the victim with anything the attacker wants. The researcher explained further that the message can be “Windows Update.bat” or “Loading… Please Wait.exe”.
Usman also explains that the problem lies in PPSX (PowerPoint XML Slide Show) files. These files are not editable; they only let you view the content of the PowerPoint presentation.
Microsoft introduced limitations in PowerPoint back in 2017, mainly to prevent installations triggered by hovering over hyperlinks in PowerPoint to local executables. Usman circumvented them: using the “Follow the Hyperlink” action, he pointed it to “Another File” rather than using the “Run the Program” action.
The attacker starts by changing the “Run Program” action to the “Follow the Hyperlink” action, which triggers an executable file hosted on an obscure web server with WebDAV (Web Distributed Authoring and Versioning) extensions. Such a server allows content to be read and edited remotely.
Only one dialogue box is invoked during the attack, and it is one the attacker controls and manipulates. Microsoft's response is that because the attacker needs an element of social engineering, this can’t be considered a risk. The researcher disagrees: he considers users prone to such attacks and regards this as a vulnerability.
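A defender-side check for the pattern described above, as an added example that is not from the original article or the researcher: it scans a PPSX/PPTX package for mouse-over actions whose relationship target is external. The `a:hlinkMouseOver` element and `TargetMode="External"` come from the Office Open XML format; the function names, the sample package, the host name and the file name are constructed for illustration.

```python
import io
import posixpath
import re
import zipfile
import xml.etree.ElementTree as ET

A_NS = "http://schemas.openxmlformats.org/drawingml/2006/main"
R_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
PKG_NS = "http://schemas.openxmlformats.org/package/2006/relationships"

def find_external_hover_actions(data):
    """Return (slide part, action, target, is_remote) for every mouse-over
    action in a PPSX/PPTX whose relationship points outside the package."""
    # For untrusted files in production, swap in a hardened parser such as defusedxml.
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        for part in sorted(n for n in names if re.fullmatch(r"ppt/slides/[^/]+\.xml", n)):
            rels_part = posixpath.join("ppt/slides/_rels", posixpath.basename(part) + ".rels")
            if rels_part not in names:
                continue
            rels = ET.fromstring(z.read(rels_part))
            external = {r.get("Id"): r.get("Target", "") for r in rels.iter(f"{{{PKG_NS}}}Relationship")
                        if r.get("TargetMode") == "External"}
            for el in ET.fromstring(z.read(part)).iter(f"{{{A_NS}}}hlinkMouseOver"):
                target = external.get(el.get(f"{{{R_NS}}}id"))
                if target is None:
                    continue  # internal target, e.g. a jump to another slide
                remote = target.lower().startswith(("\\\\", "//", "http://", "https://"))
                findings.append((part, el.get("action", ""), target, remote))
    return findings

def build_sample():
    """Constructed package with only the parts the scanner reads (not a loadable deck)."""
    slide = ('<p:sld xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main" '
             f'xmlns:a="{A_NS}" xmlns:r="{R_NS}"><a:hlinkMouseOver r:id="rId2" action="%s"/></p:sld>')
    rels = f'<Relationships xmlns="{PKG_NS}"><Relationship Id="rId2" Type="urn:constructed" %s/></Relationships>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ppt/slides/slide1.xml", slide % "ppaction://hlinkfile")
        z.writestr("ppt/slides/_rels/slide1.xml.rels",
                   rels % r'Target="\\host.example.invalid\share\placeholder.bat" TargetMode="External"')
        z.writestr("ppt/slides/slide2.xml", slide % "ppaction://hlinksldjump")
        z.writestr("ppt/slides/_rels/slide2.xml.rels", rels % 'Target="slide1.xml"')
    return buf.getvalue()

if __name__ == "__main__":
    for finding in find_external_hover_actions(build_sample()):
        print(finding)
```

Any hit is worth manual review before the file reaches users, since the file name shown in the resulting dialogue box is attacker-controlled.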