Symantec Discovers New Word Attack

Microsoft is investigating reports of a new zero-day attack on Microsoft Word, and is aware of "very limited attacks" exploiting the vulnerability. Worse yet, it is not related to three other flaws in Word unpatched by Microsoft, says Symantec.

The issue is known to affect Office XP, 2000 and Office 2003 on Windows 95, NT, 98, Me, 2000, Server 2003 and XP. It is known that the exploit involves the execution of arbitrary code, but specifics of the actual issue are not yet known.

When an attack is launched against either Word 2003 or XP, CPU resources are completely consumed and a denial-of-service results. The issue was discovered after one of Symantec's researchers spotted the exploit during a live attack.

In that attack, a specially crafted Word document arrives via e-mail, attempting to trick the user into opening it. When launched, the exploit installs a Trojan that opens a backdoor on the infected computer.

From there, the Trojan connects to a remote server and sends sensitive documents and logged keystrokes, Symantec warned.

"To protect yourself against these threats, do not trust unsolicited files or documents about 'interesting' topics," the company said in a security alert. "Do not open attachments unless they are expected and come from a known and trusted source."

Currently, no patch or workaround for the issue exists, Symantec said. If Microsoft confirms the vulnerability, it would likely issue an advisory and suggest workarounds to avoid the issue.