A researcher has found a serious vulnerability in PowerPoint that can allow malware to be installed through mouse-over attacks. Ironically, despite the seriousness of the issue, Microsoft refused to patch the flaw.
Reportedly, security researcher Mandar Satam has found a bug affecting PowerPoint that allows mouse-over attacks. The bug lets an adversary craft a malicious PowerPoint document that would, in turn, execute malware.
He has also shared a detailed proof-of-concept for the exploit. There, he referred to a bug reported in 2017 that allowed the execution of malware whenever a user hovered the mouse over a hyperlink in the malicious PowerPoint file. While Microsoft patched that flaw, he has now come up with an extension of it. An attacker may simply use the “hyperlink to” option in PowerPoint to link another file in the PPT.
Then, a few more steps allow the attacker to exploit that flaw again. As stated by the researcher,