The Channel logo


By | John Leyden 21st August 2006 15:54

Trojan exploits unpatched PowerPoint vulnerability

Vicious circle

Virus writers have developed Trojan horse malware designed to exploit an unpatched vulnerability in Microsoft's PowerPoint software. The MDropper-BH Trojan spreads in malformed PowerPoint files either downloaded by the internet or pushed out by other malware.

If opened, these infectious PowerPoint files attempt to exploit an unpatched vulnerability to drop the MDropper-BH Trojan onto compromised systems. The vulnerability involved is different from that covered by Microsoft's MS06-048 for a previous PowerPoint vulnerability, the target of earlier malware attacks. All versions of Windows and an unknown number of versions of PowerPoint are vulnerable to the latest attack. If successful the MDROPPER-BH attempts to drop the Small-CMZ Trojan into the temporary folder of a compromised Windows machine. This Trojan tries to download other forms of malware from various pre-programmed hacker web sites. In this way compromised machines are likely to become riddled with all manner of malware, leaving them compromised zombie clients in botnet networks controlled by hackers.

In the absence of an appropriate fix from Microsoft users are advised to employ up-to-date anti-virus software to block infection while also avoiding the temptation to open unsolicited PowerPoint files from trusted sources. ®

alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe