Information Security News
mailing list archives
Word flaw hit with zero-day attack
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 6 Sep 2006 01:07:03 -0500 (CDT)
By Dawn Kawamoto
Staff Writer, CNET News.com
September 5, 2006
An "extremely critical flaw" in Microsoft Word 2000 is currently being
exploited by malicious attackers, which could lead to remote execution
of code on a user's system, security researcher Secunia advised

The vulnerability affects systems running Windows 2000 and occurs when
processing malicious Word 2000 documents, according to Secunia's

Security company Symantec, which several days ago detected the
exploit, Trojan MDropper.Q, noted that it uses a two-step attack.

Trojan MDropper.Q exploits the Microsoft Word vulnerability to drop
another file, a new variant of Backdoor.Femo, according to a security
advisory by Symantec.

"As with other recent (Microsoft) Office vulnerabilities, documents
incorporating the exploit code must be opened with a vulnerable copy
of Microsoft Word 2000 for it to work," Symantec's advisory stated.
"As such, it makes the vulnerability unsuitable for the creation of
self-replicating network worms."

Microsoft has not yet issued a patch for the vulnerability, and users
are advised to forgo opening untrusted documents.

This latest exploit of an Office vulnerability follows on the heels of
a similar malicious attack in June. In that particular case, users'
systems would become infected when opening a malicious Excel document
called "okN.xls." That malicious file contained the Trojan horse
Mdropper.J, which then dropped the Booli.A program on a user's system.
Booli.A would then download more malicious files to the user's PC.