Trojan code targets Word 2000 vulnerabilities

Posted on 5 Sep 2006 at 13:01

Security companies are warning of a spate of new Trojan code targeting unpatched vulnerabilities in Word 2000.

Security companies are warning of a spate of new Trojan code targeting unpatched vulnerabilities in Word 2000.

Symantec said over the weekend that it had unearthed evidence of malicious code exploiting a previously unknown flaw in the Microsoft software.

The attack uses the flaw to incorporate a Trojan into a specially-crafted Word document, which once opened, downloads more malicious code onto the target computer.

Secunia describes the vulnerability as 'Extremely critical', potentially offering the attacker remote system access.

It has been verified running Word 2000 on Windows 2000, but other versions may also be affected.

Symantec's Hon Lau said: 'Microsoft Office vulnerabilities are a great platform for social engineering and email based attacks. Enterprises, small businesses and consumers continue to share and exchange information using Microsoft Office documents. As most of these document types are generally allowed to pass through most firewalls and security solutions, Microsoft Office documents are good vehicle for hiding executable malicious code.'

The companies advise users to be wary of unsolicited emails with Word docs attached until a patch has been released.

Author: Matt Whipp