John Wilcock wrote:
http://www.microsoft.com/technet/security/advisory/929433.mspx
It's not clear from MS or news sources whether any exploits are actively
spreading...
To my knowledge there is (at least) 1 known case - malware dropped when
viewing the exploited Word document.
Does ClamAV have any signatures yet?
ATM I don't know if ClamAV is able to detect the dropped component,
since I'm unable to locate a relevant sample. If someone has one please
submit it through the submission page.
Adding a signature to generic detect the exploit isn't possible yet,
since information about the vulnerability hasn't been disseminated.
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5994
http://secunia.com/advisories/23232/
Best regards,
Diego d'Ambra
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
