An MS04-032 proof-of-concept exploit has become a real one. Thankfully, it is not widespread but it provides a new method of attack on unpatched systems. Everyone is encouraged to complete Windows Updates as soon as they canMS04-032: Ecommander Backdoorhttp://www.symantec.com/avcenter/venc/data...mcommander.html
Backdoor.Emcommander is a Backdoor Trojan distributed as an EMF image file. It exploits the Microsoft Windows WMF/EMF Image Format Rendering Remote Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS04-032) and allows an attacker to control the compromised system.
Opens a backdoor on TCP port 31337 and listens for commands from an attacker. The port number may vary because Backdoor.Emcommander can be built with a Backdoor.ConstructKit tool, where the port number can be specified as a parameter. Executes the remote command sent by the attacker through the Internet. The remote command is executed through "cmd.exe" of the compromised system