Mdropper.H Trojan.
SmartTag exploit.
Vulnerability details
Advisory: SB2006061301 - Remote code execution in Microsoft Word
Vulnerable component: Microsoft Word
CVE-ID: CVE-2006-2492
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-120 - Buffer overflow
Description:
The vulnerability allows a remote user to execute arbitrary code on the target system.
The weakness is due to a buffer overflow. By persuading the victim to open a specially crafted Word file containing a malformed object pointer, a remote attacker can execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: this vulnerability was being actively exploited.
External links:
https://technet.microsoft.com/en-us/library/security/ms06-027.aspx
https://blogs.technet.microsoft.com/msrc/2006/05/20/a-quick-check-in-on-the-word-vulnerability/
https://blogs.microsoft.com/microsoftsecure/2011/09/28/targeted-attacks-and-the-need-to-keep-documen...
http://www.networkworld.com/article/2266902/lan-wan/microsoft--rogue--security--software-a-rising-th...
https://www.theguardian.com/technology/blog/2010/apr/26/microsoft-security-intelligence-report
http://www.bcs.org/content/conWebDoc/11820
http://rbach.net/blog/index.php/msft-security-report/
http://garwarner.blogspot.com/2009/04/microsoft-security-intelligence-report.html
https://www.itnews.com.au/news/taiwanese-gang-exploits-microsoft-word-81693
http://www.marketwired.com/press-release/MessageLabs-Intelligence-Targeted-Attack-Report-Criminal-Ri...