Exploit-MSWord.f
- Type: Trojan
- SubType: Exploit
- Discovery Date: 02/08/2007
- Length: Varies
- Minimum DAT: 4779 (06/07/2006)
- Updated DAT: 4960 (02/09/2007)
- Minimum Engine: 5.1.00
- Description Added: 02/08/2007
- Description Modified: 02/09/2007 2:00 PM (PT)
Characteristics
The 4779 DAT files proactively detect known exploits as Exploit-OleData.gen when scanning with email, gateway, and the cmd-line scanner with heuristics enabled. The 4784 DAT files proactively detect known exploits as Exploit-MS06-027 when scanning with email, gateway, and the cmd-line scanner with heuristics enabled. The 4959 DAT files detect known exploits as Exploit-MS06-027 for all products, without heuristics.
This threat attempts to exploit a Microsoft Word vulnerability. Testing shows that a fully patched Word 2000 is vulnerable to this threat. However, the trojan is flawed and only causes Word to crash, rather than executing its intended payload, which would drop and execute a new Enfal trojan variant.
Symptoms
Microsoft Word may crash upon accessing this exploit .DOC file.
Method of Infection
This threat attempts to exploit a Word vulnerability to execute arbitrary code. However, the attack is limited to crashing Word.
Removal
All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.
Variants
N/A
Overview
This threat was received from the field in a very targeted attack. It attempts to exploit an unpatched Microsoft Word vulnerability, but fails to function as intended.