A fifth MS Word zero-day?

Summary: Virus trackers at Symantec have raised an alert for what is believed to be a fifth unpatched -- and previously unknown -- security flaw affecting Microsoft Word.

[Updated: January 31, 2006] Virus trackers at Symantec have raised an alert for what is believed to be a fifth unpatched -- and previously unknown -- security flaw affecting Microsoft Word.  

The company is working with Microsoft's security response center to sort out whether this is unrelated to the four other Word zero-days that remain unpatched. [See 12:58 pm update below].

"We believe this is a new vulnerability, making it the fifth currently unpatched Office file format vulnerability. While these documents are being used in a targeted attack consistent with previous cases, we have received different documents that use this same exploit from multiple organizations," according to a note from Eric Chien, a security response engineer at Symantec.

Chien said the rigged Word documents have each been designed specifically for the targeted organization in both language and content. This clearly suggests either corporate or government espionage, where sophisticated spear phishers use e-mail lures to trick targets into launching dirty .doc files.

The e-mails appear genuine -- coming from a colleague or someone within the organization who routinely sends out group messages -- but the attached file comes with a dangerous payload that includes Trojan downloaders and backdoor programs that give an attacker access to a company's entire computer system.

This is why Microsoft's pre-patch guidance is so blunt: "Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources."

If Redmond confirms this is a new (fifth) Word zero-day, a security advisory will be released to warn of the attacks and to provide potential workarounds.

[Update: According to Bugtraq ID 22328, this issue affects Microsoft Word 2003 Viewer, Microsoft Word 2003, Microsoft Office 2003 (SP1 and SP2)]

[Updated: January 31, 2007 @ 12:58 pm]  Just got a note from Microsoft's security response team.  The company's initial investigation shows that this is not a new vulnerability but a duplicate of an already known public issue.

Topics: Security, Enterprise Software, Microsoft


Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
