An unpatched security flaw in PowerPoint is not so new after all, according to Microsoft, which claims it fixed the problem earlier this month.
On Saturday, Trend Micro published a description of a Trojan called Troj_mdropper.bh which, it claimed, exploited an undocumented bug in PowerPoint. The description was based on code samples retrieved on 17 August, according to Trend Micro.
The initial report was published without consulting Microsoft, and initially Trend Micro said the flaws exploited were different from the PowerPoint bugs patched in advisory MS06-048 on 8 August. The flaw was widely reported, including on the US government's National Vulnerabilities Database.
Once Microsoft received samples of the code, it tested them and found that, in fact, MS06-048 did fix the problem, the company said late on Monday. Trend Micro has been forced to amend its initial report, which now states that "This malware exploits a known vulnerability in Windows," and recommends downloading the patch.
The Trojan does, however, still affect unpatched systems.
Once Troj_mdropper.bh arrives on a system, either downloaded from the internet or dropped off by other malware, it exploits the known PowerPoint bug, allowing it to execute arbitrary code on Windows, according to Trend Micro. It attempts to drop the Small-CMZ Trojan into the temporary folder of the machine, and Small-CMZ, in turn, attempts to download various other malware from the internet.