The ward is a factory for the Combine
0-day vulnerability in Microsoft Word: Do Not Open Untrusted Microsoft Office Documents!
Secunia Advisory: SA20153 Release Date: 2006-05-19 Critical: Extremely critical Impact: System access Where: From remote Solution Status: Unpatched Software: Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office XP
Microsoft Word 2002
Microsoft Word 2003
A vulnerability has been reported in Microsoft Word, which can be exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to an unspecified error. This can be exploited to execute arbitrary code.
NOTE: This vulnerability is being actively exploited.
The vulnerability has been reported in Microsoft Word 2002 and Microsoft Word 2003.
“We are still analyzing the trojan dropped by the exploit. What we do know is that it communicates back to localhosts[dot]3322[dot]org via HTTP. It is proxy-aware, and “pings” this server using HTTP POSTs of 0 bytes (no data actually POSTed) with a periodicity of approximately one minute. It has rootkit-like functionality, hiding binary files associated with the exploit (all files on the system named winguis.dll will not be shown in Explorer, etc.), and invokes itself automatically by including the trojan binary in
Note that, as of this morning, no anti-virus signatures detected this file as problematic according to virustotal.com