NEWS FROM THE LAB - Friday, May 19, 2006

Word gets exploited Posted by Sami @ 13:51 GMT

Internet Storm Center reported about a new zero-day Word vulnerability being used. We have received a sample, and it indeed is a Word DOC document that attempts to exploit a vulnerability in Word, in order to drop and execute a binary file that downloads a backdoor.

Both the shellcode used in the exploit as well as the binary part in the document are encoded in order to hide them.

More details about the backdoor is available in the W32/Ginwui.A description.