Information on the 0-day PowerPoint vulnerability

August 21st, 2006

A new and potentially damaging vulnerability has been discovered in [tag]Microsoft[/tag] [tag]PowerPoint[/tag].  SecuriTeam have posted some information on it:

  • Caused by an unknown error when processing malformed PowerPoint documents
  • First malware description was posted Saturday August 19th
  • Currently being exploited by [tag]Trojan[/tag]s
  • Not the same as the vulnerability reported on the August 8th
  • Best way to protect yourself is to run up-to-date antivirus and be careful what PowerPoint documents you open
  • Symptoms of the Trojan include an EXE file with a random name being written to the Windows Temp folder
  • The names of the malware exploiting the vulnerability is [tag]TROJ_SMALL.CMZ[/tag] (Trojan) and [tag]TROJ_MDROPPER.BH[/tag] (dropper file)
  • Current size of exploited PowerPoint document is 71,168 bytes
  • Windows Live Safety Center currently doesn't detect this vulnerability

This entry was posted on Monday, August 21st, 2006 at 15:48 and is filed under Stay Secure. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.