powerpoint pptx files

Is there something nasty going on with PowerPoint pptx files at present, some exploit in the wild or something? I downloaded some today, which should have been clean, then scanned them with AVG as I do with EVERY file I download, and it claimed to find a trojan horse sitting in each of them. I also let AVG scan some older .pptx PowerPoint slide show files on my machine and although I know they should have been clean it gave detections on those ones too. Is there some reason for this, has something happened recently that makes all pptx files suspect? Is it a false positive? Or is it likely a trojan has got itself into all my PowerPoint files, without touching anything else or showing up on MBAM scans? I don't think I have that sort of infection so I'm guessing it's one of the first two options. In each PowerPoint scanned AVG especially highlighted a particular element contained within the PowerPoint; this little thing it pointed at and mentioned in its detection summary under "view details" was "could be a trojan horse exploit .CVE-2014-4114" and mentions of a "file" called "name_of_my_powerpoint_file.pptx:\ppt\slides\_rels\ slide(various numbers given here for different powerpoint files).xml.rels". I didn't open the files but haven't deleted them either. Has anyone else found these things in pptx files recently, or heard of attack methods involving them?

(I didn't put this thread in "am I infected" because I don't think I am infected; I think this is something to do with the file type and it's either false positives or something that makes all pptx documents questionable.)

Extra info: it only finds pptx files; ppt (the older type of PowerPoint) format is ignored and treated as safe according to the scanner. It doesn't find them during full system scans either, because AVG is set to only scan "infectable file types" during full system scans, but will scan anything and everything when a folder or file is selected and right-clicked to scan.

Yes, there is a new vulnerability in OLE: https://technet.microsoft.com/en-us/library/security/3010060.aspx

This can be exploited via pptx files, that's one of the vectors.
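An added example, not part of the thread: a read-only inventory of the slide relationship parts (the `ppt\slides\_rels\slideN.xml.rels` entries named in the AVG report), which can be run without opening the file in PowerPoint. Treating OLE object relationships and external targets as the items to review first is an assumption of this sketch, not a detector for the advisory's vulnerability; the function names and the sample package are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer defusedxml's drop-in parser

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
SLIDE_RELS = re.compile(r"^ppt/slides/_rels/slide\d+\.xml\.rels$")

def slide_relationships(pptx):
    """Yield (part, rel_id, rel_type, target, target_mode) for every slide .rels part."""
    with zipfile.ZipFile(pptx) as zf:  # a .pptx is a ZIP package; nothing is executed
        for name in sorted(zf.namelist()):
            if not SLIDE_RELS.match(name):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(REL_NS + "Relationship"):
                rel_type = rel.get("Type", "").rsplit("/", 1)[-1]  # e.g. "oleObject"
                yield (name, rel.get("Id"), rel_type,
                       rel.get("Target"), rel.get("TargetMode", "Internal"))

def needs_review(pptx):
    """Assumed heuristic: OLE object relationships, or targets outside the package."""
    return [r for r in slide_relationships(pptx)
            if r[2] == "oleObject" or r[4] == "External"]

def constructed_sample():
    """Build a tiny constructed package in memory (not a real presentation)."""
    base = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
    head = '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
    layout = (f'<Relationship Id="rId1" Type="{base}slideLayout" '
              'Target="../slideLayouts/slideLayout1.xml"/>')
    ole = (f'<Relationship Id="rId2" Type="{base}oleObject" '
           'Target="../embeddings/oleObject1.bin"/>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ppt/slides/_rels/slide1.xml.rels", head + layout + "</Relationships>")
        zf.writestr("ppt/slides/_rels/slide2.xml.rels", head + layout + ole + "</Relationships>")
        zf.writestr("ppt/slides/slide1.xml", "<sld/>")  # ignored: not a .rels part
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for part, rel_id, rel_type, target, mode in needs_review(constructed_sample()):
        print(f"{part}: {rel_id} {rel_type} -> {target} ({mode})")
```

`needs_review` also accepts a path to a `.pptx` on disk, so the same listing can be compared against the part names a scanner reports.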

Are Publisher, Word, Excel and the other major Microsoft Office file types also affected then? It mentions them but doesn't say either way absolutely whether they are also currently "compromised formats". I assume this fixit thing will be in the next round of Windows updates and marked as a critical security one?

From the link provided by Didier Stevens