Jan 30, 2007

[Malware Warning] New MS Word Zero-day Exploit in the Wild

A new Microsoft Word 2000 zero-day exploit has been found. Microsoft has released a security advisory about this vulnerability, and a patch may be issued this coming February Patch Tuesday.

This vulnerability is present on Word 2000. When opened, a malicious .DOC file may corrupt system memory, allowing a remote user to execute arbitrary code on the affected system. This vulnerability does not affect any other Word versions.

Trend Micro detects the exploid code as TROJ_MDROPPER.EQ, and Symantec detects this as Trojan.Mdropper.W.

The usual precautions apply. Do not open email attachments from unknown sources. Update your antivirus apps. Patch your system when patches are available.

No comments:

Post a Comment