Exploit-OleDropper

Type: Trojan
SubType: Exploit
Discovery Date: 03/29/2007
Length: Varies
Minimum DAT: 4995 (03/29/2007)
Updated DAT: 5468 (12/18/2008)
Minimum Engine: 5.1.00
Description Added: 03/29/2007
Description Modified: 04/10/2007 6:11 PM (PT)

Risk Assessment
Corporate User: Low
Home User: Low

Characteristics

This is a generic heuristic detection that covers specially crafted OLE documents that attempt to drop embedded executable files by exploiting vulnerabilities.

When such a document is opened in an OLE application such as Microsoft Word or JustSystems Ichitaro, it causes a buffer overflow that can lead to execution of an embedded executable.
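A triage check in the spirit of the detection described above, as an added example that is not McAfee's heuristic: it flags a file that carries the OLE compound-file signature and also contains a plain, unencoded PE image header. The function names, the offset bound and the sample byte strings are assumptions constructed for illustration; an encoded or compressed payload would not be caught by this check.

```python
import struct

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE compound file signature
MAX_LFANEW = 0x1000  # assumption: sane upper bound for the DOS-to-PE header offset


def is_ole(data: bytes) -> bool:
    """True when the buffer starts with the OLE compound-file signature."""
    return data[:8] == OLE_MAGIC


def find_embedded_pe(data: bytes) -> list[int]:
    """Return offsets where a plain (unencoded) PE image header starts."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        # A bare "MZ" is common in binary data, so also require that
        # e_lfanew (DOS header offset 0x3C) points at a "PE\0\0" signature.
        if pos + 0x40 <= len(data):
            (lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            pe = pos + lfanew
            if 0x40 <= lfanew <= MAX_LFANEW and data[pe:pe + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits


def triage(data: bytes) -> dict:
    """Flag OLE documents that carry an embedded PE header."""
    ole = is_ole(data)
    offsets = find_embedded_pe(data) if ole else []
    return {"ole": ole, "pe_offsets": offsets, "suspicious": bool(offsets)}


def _sample_pe_header() -> bytes:
    # Constructed, non-functional stub: DOS header fields plus PE signature only.
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0"


# Constructed samples (not real documents): OLE signature plus filler bytes.
CLEAN_DOC = OLE_MAGIC + b"\x00" * 504 + b"Plain text with the letters MZ in it" + b"\x00" * 100
CRAFTED_DOC = OLE_MAGIC + b"\x00" * 504 + b"\xAA" * 256 + _sample_pe_header() + b"\x00" * 64

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_DOC), ("crafted", CRAFTED_DOC)):
        print(name, triage(blob))
```

A hit is a reason to quarantine the file and submit it for analysis, not proof of exploitation, since a document can embed an executable without exploiting anything.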

Symptoms

Unexpected execution of files upon opening an OLE file.

Method of Infection

When the OLE file is opened, malicious code is executed automatically by exploiting a vulnerability in OLE applications, such as MS Word and JustSystems Ichitaro.

Removal

This detection indicates that the file was identified heuristically, and it is requested that a sample of the file be sent to McAfee AVERT for analysis.

Refer to the online instructions for sending samples.

Variants

    N/A

Overview

This is a generic heuristic detection that covers specially crafted OLE documents that attempt to execute embedded executable files by exploiting vulnerabilities.

The detection currently covers the following OLE documents:

  • Microsoft Word
  • JustSystems Ichitaro
