Although it says this is a vulnerability in Word 2000, Symantec talks about a
vulnerability in Word 2003.
http://isc.sans.org/diary.html?storyid=2133
Older Microsoft word unpatched vulnerability used as vector in targeted attacks
Published: 2007-01-31,
Last Updated: 2007-01-31 22:10:11 UTC
by Swa Frantzen (Version: 3)
Symantec reported on what was thought of initially as yet another unpatched
vulnerability being exploited by the bad guys out there. We have confirmation
it is in fact one of the older -still unpatched- vulnerabilities CVE-2006-6456
that is exploited in targeted attacks.
Even though it appears there might be little gain in once again trying to
convince people not to email office documents, not to open them, etc. some
renewed attention might be required.
If actively exploited unpatched vulnerabilities is the risk level you need
before being allowed to act and start to filter, you might have your "go" at
this point. The oldest of the 4 vulnerabilities has been publicly known since
December 5th, 2006. This latest wave of attacks is exploiting a vulnerability
that has been publicly known since December 10th, 2006.
Let's hope at least some of them get patched in February's Black Tuesday
patches.
* Symantec Trojan.Mdropper.X
* Current activity at us-cert
* CVE-2007-0621 was assigned to this on the chance of it being a new issue.
With thanks to Juha-Matti, Ryan, and others helping out on this issue as it
developed.