[Updated: January 31, 2006] Virus trackers at Symantec have raised an alert for what is believed to be a fifth unpatched -- and previously unknown -- security flaw affecting Microsoft Word.
"We believe this is a new vulnerability, making it the fifth currently unpatched Office file format vulnerability. While these documents are being used in a targeted attack consistent with previous cases, we have received different documents that use this same exploit from multiple organizations," according to a note from Eric Chien, a security response engineer at Symantec.
Chien said the rigged Word documents have each been designed specifically for the targeted organization in both language and content. This clearly suggests either corporate or government espionage, where sophisticated spear phishers use e-mail lures to trick targets into launching dirty .doc files.
The e-mails appear genuine -- coming from a colleague or someone within the organization that routinely send out group messages -- but the attached file comes with a dangerous payload that includes Trojan downloaders and backdoor programs that give an attacker access to a company's entire computer system.
This is why Microsoft's pre-patch guidance is so blunt: "Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources."
If Redmond confirms this is a new (fifth) Word zero-day, a security advisory will be released to warn of the attacks and to provide potential workarounds.
[Update: According to Bugtraq ID 22328, this issue affects Microsoft Word 2003 Viewer, Microsoft Word 2003, Microsoft Office 2003 (SP1 and SP2)]
[Updated: January 31, 2007 @ 12:58 pm] Just got a note from Microsoft's security response team. The company's initial investigation shows that this is not a new vulnerability but a duplicate of an already known public issue.