Vulnerabilities in Word - give me five!
In its blog, Symantec reports a fifth unpatched vulnerability in Word, through which prepared Word documents can be used to inject code onto a system and execute it. According to Symantec, the vulnerability is currently being exploited by the trojan Mdropper.X as part of targeted attacks on companies. The language and content of the documents have been adapted to the type of business being attacked.
Microsoft is apparently already looking at the vulnerability, but has not yet officially confirmed that it is in fact a new one. Microsoft finally confirmed the fourth vulnerability in Word and warned of attacks at the weekend. If an infected file is opened, the trojan installs itself and downloads additional programs. Neither the dropper nor the downloaded files are yet recognised by all anti-virus software.
As with the four previous Word vulnerabilities, no patch is yet available, so users should exercise maximum caution when opening documents they receive and, if necessary, check with the sender. Information on protection from viruses and worms can be found in heise Security's anti-virus section. The Emailcheck gives detailed information on typical hazards relating to e-mails and tips for configuring settings.
- Multiple Organizations Targeted by Zero-Day Exploit, entry on the Symantec blog by Eric Chien
- Trojan.Mdropper.X, description from Symantec