AOH :: ISN-2960.HTM

Word flaw hit with zero-day attack

Word flaw hit with zero-day attack
Word flaw hit with zero-day attack 

By Dawn Kawamoto
Staff Writer, CNET
September 5, 2006

An "extremely critical flaw" in Microsoft Word 2000 is currently being
exploited by malicious attackers, which could lead to remote execution
of code on a user's system, security researcher Secunia advised

The vulnerability affects systems running Windows 2000 and occurs when
processing malicious Word 2000 documents, according to Secunia's
security advisory.

Security company Symantec, which several days ago detected the
exploit, Trojan MDropper.Q, noted that it uses a two-step attack.

Trojan MDropper.Q exploits the Microsoft Word vulnerability to drop
another file, a new variant of Backdoor.Femo, according to a security
advisory by Symantec.

"As with other recent (Microsoft) Office vulnerabilities, documents
incorporating the exploit code must be opened with a vulnerable copy
of Microsoft Word 2000 for it to work," Symantec's advisory stated.  
"As such, it makes the vulnerability unsuitable for the creation of
self-replicating network worms."

Microsoft has not yet issued a patch for the vulnerability, and users
are advised to forgo opening untrusted documents.

This latest exploit of an Office vulnerability follows on the heels of
a similar malicious attack in June. In that particular case, users'
systems would become infected when opening a malicious Excel document
called "okN.xls." That malicious file contained the Trojan horse
Mdropper.J, which then dropped the Booli.A program on a user's system.  
Booli.A would then download more malicious files to the user's PC.

HITBSecConf2006 - Malaysia 
The largest network security event in Asia 
32 internationally renowned speakers 
7 tracks of hands-on technical training sessions. 
Register now: 

Site design & layout copyright © 1986-2014 CodeGods