Critical Zero-Day Exploit Hits Word



David Utter
Staff Writer
2006-09-05



Microsoft Word 2000 has a new exploit in the wild that could lead to remote code execution on a vulnerable machine.

For system administrators out there who have kept their staffs trapped on ancient computers running Windows 2000 and Word 2000, the Day of Judgment may be at hand. Secunia reported that attackers are actively exploiting the vulnerability.

"The vulnerability is caused due to an unspecified error when processing Word documents," read the alert. "This can be exploited to execute arbitrary code when a malicious document is opened."

Secunia also allowed for the possibility that systems other than Word 2000 may be affected by the problem, but it has not referenced anything besides Windows 2000 running Word 2000.

The advisory site referenced a post on Symantec's Security Response Weblog about the problem. Hon Lau described what Symantec has discovered:

"This Trojan (detected by Symantec products as Trojan.MDropper.Q) takes advantage of the vulnerability to drop another file onto the target computer. Detected as a Trojan, this dropped file in turn drops another file, which turns out to be a new variant of Backdoor.Femo. As with other recent Office vulnerabilities, documents incorporating the exploit code must be opened with a vulnerable copy of Microsoft Word 2000 for it to work. As such, it makes the vulnerability unsuitable for the creation of self-replicating network worms."

If this information proves correct, then the spread of the Trojan may be limited by the nature of the vulnerability.

News of this problem appeared on Symantec's site on Sunday, in the middle of the US Labor Day holiday weekend. Symantec has sued Microsoft over the use of Veritas backup technology in Windows Vista.

That lawsuit was followed a day later by Symantec's publication of the discovery of a Word 2003 vulnerability and exploit, which no one else had detected up to that time.

The newly discovered Trojan follows the naming sequence of the one uncovered in May 2006; that one was called Trojan.MDropper.H. This indicates the code for the two Trojans is probably similar in composition and function.

About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
