I published the following diary on isc.sans.org: “Example of ‘MouseOver’ Link in a Powerpoint File“:
I really like Microsoft Office documents… They offer so many features that can be (ab)used to make them virtual bombs. Yesterday, I found a simple one but nicely prepared Powerpoint presentation: Payment_copy.ppsx (SHA256:7d6f3eb45c03a8c2fca4685e9f2d4e05c5fc564c3c81926a5305b6fa6808ac3f). It was still unknown on VT yesterday but it reached now a score of 1/61!. It was delivered to one of my catch-all mailboxes and contained just one slide…. [Read more]
Hi Torben,
Of course, a properly configured Office environment won’t execute the code behind the link…
Hi Xavier
Am I wrong or should you still have the user to click on the “enable†or “Enable All (not Recommended)“ button on the “Microsoft Powerpoint Security Notice warning” that is coming up for this to work – or is there an trick to disguise this?
/Torben