Exploit-PPT.b

Type: Trojan
SubType: Exploit
Discovery Date: 07/13/2006
Length: Varies
Minimum DAT: 4807 (07/14/2006)
Updated DAT: 4807 (07/14/2006)
Minimum Engine: 5.1.00
Description Added: 07/13/2006
Description Modified: 07/13/2006 10:02 PM (PT)

Risk Assessment
Corporate User: Low
Home User: Low

Characteristics

This detection covers what is believed to be a zero-day remote code execution exploit targeting Microsoft PowerPoint. At this time Avert Labs has not received any field samples of this trojan, which was reported to be used in a targeted attack. In this attack, a new BackDoor-CEP trojan variant is dropped in the system directory with the name regvrt.exe and executed by this exploit.

Symptoms

Unexpected execution of files upon opening a PPT file.

Method of Infection

This threat exploits a Microsoft PowerPoint vulnerability. The specific application versions that are vulnerable have not been pinpointed at this time.

Removal

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

    N/A

Overview

This is an exploit detection. The purpose of this exploit is to trick users into opening a Microsoft PowerPoint presentation, which may result in the execution of malicious code.

Aliases

  • Trojan.PPDropper.B (Symantec)
