Friday, May 19, 2006
Word gets exploited Posted by Sami @ 13:51 GMT

Internet Storm Center reported about a new zero-day Word vulnerability being used. We have received a sample, and it indeed is a Word DOC document that attempts to exploit a vulnerability in Word, in order to drop and execute a binary file that downloads a backdoor.

Both the shellcode used in the exploit as well as the binary part in the document are encoded in order to hide them.

More details about the backdoor is available in the W32/Ginwui.A description.

<<< More about the "Poker Rootkit"
3322, 8866 and others >>>