• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

       

New MS Word 0-day found
Published: 2006-09-05

A new zero-day vulnerability that affects Microsoft Word 2000 has been discovered, along with a Trojan dropper that installs a backdoor on a user's computer.

Trojan.MDropper.Q was discovered by anti-virus giant Symantec, and takes advantage of a newly discovered vulnerability in Word 2000 to drop a variant of the Backdoor.Femo backdoor (note: SecurityFocus is owned by Symantec Corporation). Anti-virus firm McAfee also discovered the threat and is calling it a worm known as W32/Mofei.worm.

Similar to other recent Microsoft Office vulnerabilities, dangerous documents containing the dropper must be opened by a user of the application in order to cause harm.

Microsoft Office products have seen numerous vulnerabilities exploited in recent months, with over 25 flaws found in 2006 alone.

Posted by: Kelly Martin

       

Expand all | Post comment