|15 Dec 2010||#1|
| || |
Malicious RTF Files Exploit Office Flaw to Install Trojan
Security researchers from Trend Micro have spotted malicious RTF files in the wild, which exploit a known Microsoft Office vulnerability to infect users with a trojan.
RTF stands for Rich Text Format and is one of the oldest document formats. It is supported by all versions of Microsoft Word and WordPad.
The RTF-based exploit seen by Trend Micro targets a stack buffer overflow vulnerability affecting all supported Microsoft Office versions.
This remote code execution flaw, identified as CVE-2010-3333, was addressed in the MS10-087 security bulletin released by Microsoft on November 9.
It the flaw is exploited successfully, the malicious RTF files drop a trojan which hides itself by using the name of an already existent service.
The malware injects code into the svchost.exe process in order to contact a remote server from where it receives instructions.
|My System Specs|
|Similar help and support threads for2: Malicious RTF Files Exploit Office Flaw to Install Trojan|
|look out for Exploit.drop.GSLAD trojan||System Security|
|Blackhole outfitted with exploit for recently patched Java flaw||Security News|
|Java Exploit / Trojan magically re-appears even with a system re-image||System Security|
|repeated start up prbs after Exploit and Java Trojan's 'removed'||System Security|
|Sykipot Trojan takes advantage of Adobe Reader zero-day flaw||Security News|
|Delivering banking Trojan via malicious boot loaders||Security News|
|Exploit Code Available for Shockwave Player Zero-Day Flaw||Security News|