MDropper Trojan - Exploits Zero Day vulnerability in MS Word
http://vil.mcafeesecurity.com/vil/content/v_139539.htm
http://www.sarc.com/avcenter/venc/da...dropper.h.html
http://secunia.com/virus_information/29277/mdropper.h/
http://securityresponse.symantec.com...or.ginwui.html
Trojan.Mdropper.H is a Trojan horse that downloads other risks onto the compromised computer. This Trojan exploits a 0 day Microsoft Word vulnerability to drop Backdoor.Ginwui.
TITLE:
Microsoft Word Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA20153
VERIFY ADVISORY:
http://secunia.com/advisories/20153/
CRITICAL:
Extremely critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Microsoft Office 2003 Professional Edition
http://secunia.com/product/2276/ Microsoft Office 2003 Small Business Edition
http://secunia.com/product/2277/ Microsoft Office 2003 Standard Edition
http://secunia.com/product/2275/ Microsoft Office 2003 Student and Teacher Edition
http://secunia.com/product/2278/ Microsoft Office XP
http://secunia.com/product/23/ Microsoft Word 2002
http://secunia.com/product/2150/ Microsoft Word 2003
http://secunia.com/product/4908/
DESCRIPTION:
A vulnerability has been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an unspecified error. This can be exploited to execute arbitrary code.
NOTE: This vulnerability is being actively exploited.
The vulnerability has been reported in Microsoft Word 2002 and Microsoft Word 2003.
SOLUTION:
Do not open untrusted Office documents.
PROVIDED AND/OR DISCOVERED BY:
This vulnerability has been discovered in the wild as a "Zero-day"
while investigating a system compromise.
OTHER REFERENCES:
SANS:
http://isc.sans.org/diary.php?storyid=1345
Warning of word 0 day exploit
