New Zero-Day in MS Office 2000
07 Sep 11:30

On its web site, Symantec has reported a new zero-day exploit in Word 2000 running under Windows 2000.

Recent months have seen a lot of activity around the discovery and exploitation of vulnerabilities in the Microsoft Office 2003 suite of applications. A large number of vulnerabilities in Microsoft Word, PowerPoint and Excel have been identified. A number of these have been used by new Trojans, e.g. the Trojan.PPDropper and Trojan.MDropper families. Because of this, Microsoft has been issuing a series of patches for its Office 2003 suite.

Recently, Symantec has seen samples of a Trojan that exploits a previously unknown vulnerability in Microsoft Word 2000 running on Windows 2000. This Trojan (detected by Symantec products as Trojan.MDropper.Q) takes advantage of the vulnerability to drop another file onto the target computer. This dropped file, itself detected as a Trojan, in turn drops another file, a new variant of Backdoor.Femo. As with other recent Office vulnerabilities, a document incorporating the exploit code must be opened with a vulnerable copy of Microsoft Word 2000 for the exploit to work. This makes the vulnerability unsuitable for the creation of self-replicating network worms.

Microsoft Office vulnerabilities are used for social engineering and email-based attacks, and files from the MS Office suite, often exchanged freely across trust boundaries, are excellent places to hide malicious code, as indeed they have been for a number of years. Our advice to users is, as always: do not open MS Office files that you receive unexpectedly by email before first checking that you know the sender and that the file is legitimate. Even then, of course, run updated anti-virus protection.

Related links:
www.symantec.com/enterprise/security_response/weblog/2006/09/new_tricks_with_old_software.html
