Exploit-PPT.k
- Type: Trojan
- SubType: Exploit
- Discovery Date: 04/02/2009
- Length: Varies
- Minimum DAT: 5573 (04/03/2009)
- Updated DAT: 5763 (10/06/2009)
- Minimum Engine: 5.2.00
- Description Added: 04/02/2009
- Description Modified: 04/03/2009 8:52 AM (PT)
Risk Assessment
- Corporate User: Low-Profiled
- Home User: Low-Profiled
Characteristics
This detection covers specially crafted PPT files that exploit a 0-day vulnerability in Microsoft PowerPoint.
Symptoms
Unexpected dropping of executable files by Microsoft PowerPoint.
Method of Infection
When the PPT file is opened, malicious code is executed automatically using a vulnerability in PowerPoint.
Removal
All Users:
Use current engine and DAT files for detection and removal.
Modifications made to the system Registry and/or INI files for the purposes of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
Variants
N/A
All Information
Overview -
-- Update April 03, 2009 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://www.eweek.com/c/a/Security/Microsoft-Warns-of-Attacks-on-PowerPoint-Vulnerability-345397/?kc=rss
--
This detection covers specially crafted PPT files that exploit a 0-day vulnerability in Microsoft PowerPoint. More information can be found at:
http://www.microsoft.com/technet/security/advisory/969136.mspx