Sample attack code that exploits the vulnerability has already been released on the Internet, a Microsoft representative wrote on a corporate blog. Use of the code in an attack could cause a complete system compromise, according to Microsoft.

"The reported proof of concept may allow an attacker to execute code on a user's machine by convincing them to open a specially-crafted PowerPoint file," wrote Alexandra Huft, a Microsoft Security Response representative. "We are not aware of any attacks attempting to use the reported vulnerability."

The flaw affects PowerPoint 2003, according to Microsoft. Security monitoring companies Secunia and the French Security Incident Response Team, or FrSIRT, also list earlier versions as vulnerable. Secunia deems the issue "highly critical," while FrSIRT rates it "critical."

News.Com