Microsoft Word Zero-Day Under Investigation
<p>On December 5, 2006, Microsoft announced they were investigating reports of the exploitation of a zero-day vulnerability in Microsoft Word (described in <a href="http://www.microsoft.com/technet/security/advisory/929433.mspx">Microsoft Security Advisory 929433</a>). There is very little information available regarding the technical details of this new vulnerability. Symantec Security Response is monitoring the situation and will respond appropriately once further information is known.</p>
<p>At this time, Security Response has seen various malware binaries which may be related to the limited reports noted by Microsoft. These files are detected as "Downloader" by LiveUpdate virus definitions, version 12/6/2006 rev. 16. At least one known downloaded file is detected as Backdoor.HackDefender, using Rapid Release virus definitions, version 12/6/2006 rev. 25.</p>
<p>The standard best practices apply in this situation and as such, caution should be exercised when dealing with unsolicited attachments from unknown, and even known, sources.</p>
http://www.symantec.com/enterprise/security_response/weblog/2006/12/microsoft_word_0day_under_inve.html
http://www.symantec.com/enterprise/security_response/weblog/2006/12/microsoft_word_0day_under_inve.html
Wed, 06 Dec 2006 11:10:00 -0800
Linear Mode
