Multiple Organizations Targeted by Zero-Day Exploit
<p>We have received some additional Word documents that exploit an unpatched Microsoft Word vulnerability. These documents are detected as Trojan.Mdropper.X. We believe this is a new vulnerability, making it the fifth currently unpatched Office file format vulnerability. While these documents are being used in a targeted attack consistent with previous cases, we have received different documents that use this same exploit from multiple organizations. The documents have been each designed specifically for the targeted organization in both language and content.</p>
<p>The vulnerability could be a slight variation or may be covered by the existing CVEs and we are awaiting confirmation from Microsoft Security Response Center. Nevertheless, no patches appear to be available, so, as always, be careful opening unsolicited Word documents.</p>
<p><strong>Update - Feb 1st, 2007 11:40 UTC:</strong> We have received confirmation from Microsoft that the vulnerability being used in these attacks is in fact a further variant of the <a href="http://www.securityfocus.com/bid/21518">Microsoft Word Unspecified Code Execution Vulnerability</a> (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6456">CVE-2006-6456</a>). Nevertheless, since this is an as-yet unpatched vulnerability, and is being actively exploited in the wild, we advise our customers to remain vigilant and be wary of opening unsolicited Word documents. </p>
http://www.symantec.com/enterprise/security_response/weblog/2007/01/multiple_organizations_targett.html
http://www.symantec.com/enterprise/security_response/weblog/2007/01/multiple_organizations_targett.html
Tue, 30 Jan 2007 14:00:00 -0800
Linear Mode
