Microsoft Word Zero-Day Exploit On The Loose ?

Windows Security : Microsoft Word Zero-Day Exploit On The Loose ?

Posted by Max on 2007/1/26 5:08:38 (1301 reads)

Microsoft's security response team has launched an analysis into reports of a zero-day attack against a previously unknown vulnerability affecting its ubiquitous Microsoft Word.

The Redmond, Wash.-based software developer declared it's aware of "very limited attacks" exploiting the reported Word flaw. If the vulnerability—and the corresponding attack— is confirmed, the company is likely to release a pre-patch advisory with workarounds or suggested actions or vulnerable customers.

The vulnerability was revealed during an actual live attack by anti-virus vendor Symantec. It affects multiple versions of Microsoft Word and can be used in successful code execution attacks against users of Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, and Windows XP.

According to an advisory from Symantec, the flaw is not related to the three formerly known Word bugs that remain unpatched.

In the attack scenario discovered by Symantec, a special crafted Word document arrives by e-mail with a decoy to trick the target into opening the file.

"When the infected Word document is opened, it uses an exploit to drop some files onto the computer. These files are back door Trojans that enable an attacker to gain remote access to your computer," the company warned.

Once the exploit is launched, the attacker drops a backdoor Trojan on the infected machine and instantly creates a clean Word document named "Summary on China's 2006 Defense White paper.doc."

The Trojan then checks for Internet connectivity by visiting various Web sites, such as Microsoft, Google or Yahoo and opens a back door on the compromised computer.

It then connects to the pop.newyorkerworld.com domain on TCP port 80 and uses the command prompt specified instructions to carry out basic operations, Symantec said. These could include logging keystrokes or hijacking sensitive documents and uploading them to a remote server.

"To protect yourself against these threats, do not trust uncalled-for files or documents about 'interesting' topics. Do not open attachments unless they are expected and come from a known and trusted source," Symantec warned.

The latest incident closely looks a lot like similar attacks against flaws in Microsoft Office software products, prompting speculation among security researchers that they are closely linked to corporate or even government espionage.

In December 2006, Microsoft confirmed three separate Word flaws that were being used in code-execution attacks against select targets. They remain unpatched.

Previous article - Next article

Other articles
2010/3/18 8:07:31 - Panda Cloud Antivirus Receives ICSA Labs' First Cloud-Based Certification
2010/3/17 15:49:34 - Open-Source Email Security Taken To The Next Level at WebhostingDay
2010/3/17 15:18:40 - McAfee Warns ABout Scareware or Fake Antivirus Software
2010/3/2 5:22:13 - VeriSign and AVG Will Integrate VeriSign Trust(TM) Seal Within AVG LinkScanner(R)
2010/3/1 7:36:12 - New Stealth Software Protects P2P Users From Lawsuits by Copyright Holders
2010/2/24 13:55:16 - New State of The Art Firewall By Palo Alto Networks
2010/2/24 13:50:26 - Beware of Fake Antimalware Programs Like PCsProtector
2010/2/24 13:38:02 - New Registry Cleaner Guide Helps Your PC Perform Faster
2010/2/3 7:32:43 - PC Login Now (Full version) Available Now For Free.
2010/2/3 7:11:57 - Mitto Named One of 20 Top Web Applications

The comments are owned by the poster. We aren't responsible for their content.