Trojan infects Windows PCs via undocumented PowerPoint vulnerability
As if two unpatched critical vulnerabilities in Internet Explorer and one in Word were not enough, they are now joined on the list of weak points in Microsoft products by a newly discovered vulnerability in PowerPoint.
Symantec has reported a trojan by the name of Trojan.PPDropper.E, which infects computers on opening a prepared document, via a previously undocumented vulnerability in PowerPoint, and installs further files onto the computer - including a backdoor. The malware is thought to affect all Windows versions. Symantec does not, however, reveal which versions of PowerPoint are affected. Security mailing lists are, however, reporting that the vulnerability can at least be reconstructed with PowerPoint 2000 running on Chinese systems.
No patch is available at present. Nevertheless, Symantec has already prepared signatures with which their scanner will recognise PPDropper. It is not clear whether Microsoft has been informed of this latest problem. With the three previously reported zero day exploits, the Redmond company will already have plenty to do to be able to release security updates in time for the next patch day. However, the possibility of a false alarm cannot be ruled out. Back in August, Trend Micro caused concern among users worldwide with an allegedly new vulnerability in PowerPoint. Closer analysis revealed, however, that it was a previously known vulnerability which had long been fixed.
At present, the spread of this trojan appears to be very limited. It will probably, as with the previous PowerPoint vulnerability in July, only be exploited for directed attacks.
- Trojan.PPDropper.E, description from Symantec