?

Log in

No account? Create an account

Previous Entry | Next Entry

Microsoft Word Zero-Day attack in wild

This is FYI at this time, in case this escalates.

Here's what I've gotten so far - Word XP and 2003 vulnerable to a zero day exploit. User must open malicious .doc file. "When the .doc attachment is opened, it exploits a previously unknown vulnerability in Microsoft Word and infects a fully patched Windows system. The exploit functioned as a dropper, extracting and launching a Trojan that immediately overwrites the original Word document with a "clean," uninfected copy."

References:
http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx
http://isc.sans.org/diary.php?storyid=1345
http://www.eweek.com/article2/0,1895,1965042,00.asp

AV vendors:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?vname=w97m_mdropper.ab
http://securityresponse.symantec.com/avcenter/venc/data/trojan.mdropper.h.html
http://www.sophos.com/virusinfo/analyses/trojmdropama.html