Hackers could also lure users to a Web page that offers content or advertisements containing a file that exploits the PowerPoint software, Microsoft said. The vulnerability applies to PowerPoint 2000, 2002 and 2003.
Once the user triggers the corrupt PowerPoint file, the virus installs a keystroke logging system to capture everything typed on the machine. It also leaves the machine open to having a hacker install other malicious programs.
"It installs a backdoor and allows for all types of software to be downloaded on the computer and the computer can be remotely controlled," said Alfred Huger, a security expert at Symantec Corp.
Microsoft said it was completing development of a security update to fix the vulnerability and was on schedule to release the patch on August 8, or sooner, as part of a monthly security update. The company reported a "limited" number of attacks.