Information on the 0-day PowerPoint vulnerability

August 21st, 2006

A new and potentially damaging vulnerability has been discovered in [tag]Microsoft[/tag] [tag]PowerPoint[/tag].  SecuriTeam have posted some information on it:

  • Caused by an unknown error when processing malformed PowerPoint documents
  • First malware description was posted Saturday August 19th
  • Currently being exploited by [tag]Trojan[/tag]s
  • Not the same as the vulnerability reported on the August 8th
  • Best way to protect yourself is to run up-to-date antivirus and be careful what PowerPoint documents you open
  • Symptoms of the Trojan include an EXE file with a random name being written to the Windows Temp folder
  • The names of the malware exploiting the vulnerability is [tag]TROJ_SMALL.CMZ[/tag] (Trojan) and [tag]TROJ_MDROPPER.BH[/tag] (dropper file)
  • Current size of exploited PowerPoint document is 71,168 bytes
  • Windows Live Safety Center currently doesn't detect this vulnerability

This entry was posted on Monday, August 21st, 2006 at 15:48 and is filed under Stay Secure. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.

Comments are closed.