Powerpoint unpatched vulnerability - new variant - Security Protection

Common Tasks

Community

Email Notifications

Personal Links

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Powerpoint unpatched vulnerability - new variant

These are mostly being spammed by email and should not be prevelant in the wild. Users should be cautious with all Powerpoint documents recieved in email.

Powerpoint unpatched vulnerability - new variant
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FMDROPPER%2EAY
http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-072712-3824-99

QUOTE: When executed, it exploits a vulnerability in Microsoft Powerpoint wherein a specially crafted document can cause the application to drop and execute an embedded EXE file in the Windows folder. Once it successfully exploits the mentioned vulnerability, it is able to execute a shell code which, in turn, runs the embedded .EXE file. This .EXE file is detected by Trend Micro as TROJ_AGENT.CZW.

Also, Trend has added detection today for a new Powerpoint POC crash exploit that's most likely related to this overall vulnerability:

New PowerPoint POC Crash exploit
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FPPCRASH%2EA

Posted: Jul 27 2006, 04:06 PM by Harry Waldron | with no comments

Questions? Contact Susan at Susan-at-msmvps.com. Each post's copyright held by the original author. All rights reserved. Blog site is an independent site not sponsored by Microsoft.
Our servers would like to thank www.ownwebnow.com and www.exchangedefender.com. We wouldn't be here without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems

Theme based on the Paperclip Blog Theme included in Community Server.
Enhanced to a Site-Wide Theme by Interscape Technologies.