[Full-disclosure] New PowerPoint 0-day Trojan in the wild



A new zero-day vulnerability in Microsoft PowerPoint has been disclosed.

This vulnerability is being exploited by the Trojan horse Trojan.PPDropper.E.
This dropper-type file reportedly works on all Windows systems,
but the vulnerability itself has been confirmed in PowerPoint 2000 Chinese version.
Possibly the attackers/targets are located in the China area, or the bad guys just tested the Trojan with the Chinese version.

According to Symantec, the exact file size of the malicious .PPT file is 1,072,128 bytes.
It drops another Trojan with backdoor capacity.

I put information about the vulnerability on my blog yesterday. There are not many references available yet.
Especially information about the file name being used is very useful.

- Juha-Matti

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


