Zero-Day PowerPoint Exploit Surfaces
Symantec on Wednesday issued an advisory about a new trojan that takes advantage of an undocumented vulnerability in PowerPoint to infect a victim's computer with a backdoor. The malware, dubbed Trojan.PPDropper.B, uses a malformed string to execute code and modify EXPLORER.EXE.
While Symantec only gives PPDropper.B a risk level of "Very Low," Sunbelt Software CEO Alex Eckelberry notes that the attack looks more intended for corporate espionage than causing widespread damage. The trojan is currently being spread via e-mail, with a subject containing Chinese characters.