Exploit.W97.Ginwui.Gen( Trojan-Dropper.MSWord.1Table.bd, TrojanDropper:Win32/Tagword.B, Win32/Ginwui.A!Dropper, Exploit-OleData.gen )
SYMPTOMS: <p class="MsoNormal">&nbsp;&nbsp;&nbsp; When an infected document is executed, MS Word 2003 will report a message stating that an error has occurred and offer to reopen the document. If the user agrees, the second time, the document will be opened without any errors. </p>TECHNICAL DESCRIPTION: <p style="text-indent: 0.5in;" class="MsoNormal">The exploit affects Microsoft Word 2003. When an infected document is opened, the exploit will allow code execution on the infected machine without the user's intervention.</p> <p style="text-indent: 0.5in;" class="MsoNormal"><span style="">&nbsp;</span>The exploitable fields needed for the exploit to work are located in the Worddocument and 0Table (possible 1Table) streams of a MS Word document. </p> <p style="text-indent: 0.5in;" class="MsoNormal">The current exploatation of this vulnerability consists of code dropping a Backdoor on the infected machine, wich is detected by BitDefender as Backdoor.Ginwui.A</p>Removal instructions: Please let BitDefender disinfect your files.ANALYZED BY: BitDefender research team |