New PowerPoint 0-day Trojan in the wild

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: New PowerPoint 0-day Trojan in the wild
From: Juha-Matti Laurio <juha-matti.laurio@xxxxxxxx>
Date: Tue, 19 Sep 2006 15:57:36 +0300 (EEST)
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

New zero-day vulnerability in Microsoft PowerPoint has been disclosed.

This vulnerability is being exploited by Trojan horse Trojan.PPDropper.E.
This dropper type file reportedly works in all Windows systems,
but the vulnerability itself has been confirmed in PowerPoint 2000 Chinese 
version.
Possibly attackers/targets are located in China area or bad guys just tested 
the Trojan with Chinese version.

According to Symantec the exact file size of malicious .PPT file is 1,072,128 
bytes.
It drops another Trojan with backdoor capacity.

I put information about the vulnerability to my blog yesterday. There are no 
many references available yet.
Especially information about file name being used is very useful.

- Juha-Matti

Prev by Date: [SECURITY] [DSA 1179-1] New alsaplayer packages fix denial of service
Next by Date: [ MDKSA-2006:165 ] - Updated mailman packages fix multiple vulnerabilities
Previous by thread: [SECURITY] [DSA 1179-1] New alsaplayer packages fix denial of service
Next by thread: [ MDKSA-2006:165 ] - Updated mailman packages fix multiple vulnerabilities
Index(es):
- Date
- Thread