
Exploit:Win32/Evenex.gen


Exploit:Win32/Evenex.gen is a generic detection for malware that exploits a vulnerability by means of a specially crafted Excel document, which may corrupt system memory and allow the attacker to execute arbitrary code.
Microsoft has published Microsoft Security Advisory 968272 related to this threat.


What to do now

Exploit:Win32/Evenex.gen may download and install additional malicious software, thus manual removal is not recommended. Use Microsoft Security Essentials or another up-to-date scanning and removal tool to detect and remove this threat and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.
 

Threat behavior

Exploit:Win32/Evenex.gen is a generic detection for malware that exploits a vulnerability by means of a specially crafted Excel document, which may corrupt system memory and allow the attacker to execute arbitrary code.
Installation
For this attack to be carried out, a user must first open a specially crafted Excel file attached to an e-mail or otherwise provided to them by an attacker. If a user opens the malicious Excel document on a vulnerable computer, the exploit could execute arbitrary code, which could include any number of actions such as downloading or installing other malware.
Additional Information

Symptoms

An attacker who successfully exploited this vulnerability could run arbitrary code as the currently logged-on user.
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).

Prevention


Alert level: Severe
First detected by definition: 1.51.1123.0
Latest detected by definition: 1.51.1123.0 and higher
First detected on: Feb 25, 2009
This entry was first published on: Feb 24, 2009
This entry was updated on: May 17, 2010

This threat is also detected as:
  • Exploit-MSExcel.r (McAfee)
  • ShellCode.B (Norman)
  • Mal/DocDrop-A (Sophos)
  • Trojan.Mdropper.AC (Symantec)
  • CVE-2009-0238 (other)