ZDNet UK - Where Technology Means Business

ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > News > Software

Security threats Toolkit

Attackers exploit 'extremely critical flaw' in Word

Dawn Kawamoto CNET News.com

Published: 05 Sep 2006 17:00 BST

An "extremely critical flaw" in Microsoft Word 2000 is currently being exploited by malicious attackers, which could lead to remote execution of code on a user's system, security researcher Secunia advised on Tuesday.

The vulnerability affects systems running Windows 2000 and occurs when processing malicious Word 2000 documents, according to Secunia's security advisory.

Security company Symantec, which several days ago detected the exploit, Trojan MDropper.Q, noted that it uses a two-step attack.

Trojan MDropper.Q exploits the Microsoft Word vulnerability to drop another file, a new variant of Backdoor.Femo, according to a security advisory by Symantec.

"As with other recent (Microsoft) Office vulnerabilities, documents incorporating the exploit code must be opened with a vulnerable copy of Microsoft Word 2000 for it to work," Symantec's advisory stated. "As such, it makes the vulnerability unsuitable for the creation of self-replicating network worms."

Microsoft has not yet issued a patch for the vulnerability, and users are advised to forgo opening untrusted documents.

This latest exploit of an Office vulnerability follows on the heels of another similar malicious attack in June. In that particular case, users' systems would become infected when opening a malicious Excel document called "okN.xls." That malicious file contained the Trojan horse Mdropper.J, which then dropped the Booli.A program on a user's system. Booli.A would then download more malicious files to the user's PC.

Did you find this article useful?
100 out of 179 people found this useful

Full Talkback thread

1 comment

The artical is a bit bias against Microsoft. Many... Anonymous

Related Links

News Microsoft leaves Word flaws unpatched
News Microsoft besieged by zero-day attacks
News Second zero-day Excel flaw emerges
News Cyber attack targets unpatched Excel flaw
News New security hole found in MS Word

Most Recent
Most Popular
Most Discussed

More In Security threats

Company/Topic Alerts

Create a new alert from the list below:

Related Jobs

CSQA Specialist Computer Systems QualityAssuranceMaidenhead Berkshire

SENIOR IT SECURITY ANALYST - ISO 27001 - WOLVERHAMPTON

Commodities test lead teir1 investment banking

Install Flash Player Plugin

Nasa and the virus

Yesterday the BBC ran a story about a computer virus making it into orbit, which I read with incredulity. OK, it's a nice silly season story on the surface, but what really got me was... More

Customer data found on eBay server hig...

The recent news about customer details being retrieved from a server sold on eBay is yet another story about the sorry state of information security in the electronic age (see: http://news.zdnet.co.uk/...m).... More

Does it matter if you are an aardvark...

In spam terms, apparently it does. According to Cambridge University security expert Richard Clayton, if your email address is aardvark at animal.net, you are more likely to receive... More

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers

Skip Sub Navigation Links to CNET Brand Links

About CNET Networks UK

Copyright © 1995-2008 CNET Networks, Inc. All rights reserved