Security News > 2020 > April > PowerPoint ‘Weakness’ Opens Door to Malicious Mouse-Over Attack

A researcher is sounding the alarm over what he believes could be a novel attack vector which allows a hacker to manipulate a PowerPoint file to download and begin the installation of malware, simply by hovering over a hypertext link.

"The attack is able to bypass the PowerPoint's restriction of not being able to add a remote file to the HyperLink action, which if we try to add using the GUI, we can't," Satam told Threatpost.

In his PoC attack, dubbed "Hover with Power," Satam bypasses previous PowerPoint restrictions implemented by Microsoft in 2017, to prevent malicious links in PowerPoint from installing local executable programs just by hovering over a hypertext link.

The Windows Server Message Block protocol provides file sharing, network browsing, printing services, and inter-process communication over a network.

"If an HTTP/HTTPS URL is linked with the hyperlink action, then the OS would download the file using a browser on the system at which point Windows Defender/Smartscreen would kick in, indicating that it is an untrusted file; and even if we hit 'Run', it will quarantine the file," the researcher wrote.

News URL

https://threatpost.com/powerpoint-weakness-mouse-over-attack/154589/