Microsoft Confirms Zero-Day Word Flaw

 
 
By Matthew Hines  |  Posted 2007-02-01

Microsoft has confirmed that a vulnerability being used in a large number of targeted zero-day attacks is an unpatched flaw in its Word program.

According to a post on Symantec's Security Response blog by researcher Eric Chien, Microsoft has verified that the unspecified Code Execution Vulnerability (labeled CVE-2006-6456 by the software maker) is being used by attackers to deliver zero-day malware code.

Since the vulnerability remains unpatched, Symantec is advising users to be wary of opening any unsolicited Word documents that may be sent to them via e-mail.

On Tuesday, Symantec posted its initial report of the attacks that are exploiting the issue, which it named Trojan.Mdropper.X.

The security specialist said that while the documents being used in the targeted attacks are consistent with previous threats it has tracked, Symantec has received different documents using the exploit tailored to threaten a handful of different organizations.

Each of the malicious Word documents is designed to lure users within specific organizations into opening them, including through the use of unique language and content.

The company said the latest vulnerability represents the fifth known unpatched Office file format flaw currently identified by its researchers.

 
 
 
 