Microsoft Word hit by zero-day attack

— 10:49 AM on May 20, 2006

eWEEK reports on a new flaw in Microsoft Word that allows the installation of a Trojan horse via a simple, maliciously crafted Word document. The document is said to come attached in an e-mail that appears legit and is not detected by anti-virus software.

When the .doc attachment is opened, it exploits a previously unknown vulnerability in Microsoft Word and infects a fully patched Windows system. The exploit functioned as a dropper, extracting and launching a Trojan that immediately overwrites the original Word document with a "clean," uninfected copy.

"As a result of the exploit, Word crashes, informs the user of a problem, and offers to attempt to re-open the file. If the user agrees, the new 'clean' file is opened without incident," the ISC explained.

Systems infected with the Trojan horse are said to enable malicious attackers to perform a variety of tasks, including reading, writing, deleting, and searching for files and directories, starting and closing programs, modifying the Windows Registry, taking screenshots, and shutting down Windows. The Trojan also phones home to China to report information about infected systems. The CTO for security company Exploit Prevention Labs claims this type of attack "feels like espionage, perhaps industrial."
Like what we're doing? Pay what you want to support TR and get nifty extra features.
Top contributors
1. BIF - $340 2. Ryu Connor - $250 3. mbutrovich - $250
4. YetAnotherGeek2 - $200 5. End User - $150 6. Captain Ned - $100
7. Anonymous Gerbil - $100 8. Bill Door - $100 9. ericfulmer - $100
10. dkanter - $100
Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.