New Trojan exploits MS06-047 with Word file

It was eight days ago when Microsoft released information about Critical code execution vulnerability in Microsoft Visual Basic for Applications MS06-047 and we have new Trojan horse exploiting the issue with Microsoft Word file now.

From the write-up of Trojan.Mdropper.N:

Trojan.Mdropper.N is a Trojan horse that exploits the Microsoft Visual Basic for Applications Document Check Buffer Overflow Vulnerability (as described in Microsof Security Bulletin MS06-047) and attempts to drop a file on the compromised computer.

The Trojan is a Microsoft Word document reportedly named:
syosetu.doc

Reportedly it drops a file which has been detected as a copy of Backdoor.Tuimer.

Microsoft’s bulletin lists the following Office versions as affected:

* Office XP Service Pack 3
* Office 2000 Service Pack 3

Works Suite 2006, 2005 and 2004 are vulnerable as well. The vulnerable component is Vbe6.dll.

But patch now, folks!

Update 18th Aug: Internet Storm Center has related Diary entry listing several Trojan names used.

Share