Word flaw hit with zero-day attack

By Dawn Kawamoto
Staff Writer, CNET News.com Published: September 5, 2006 7:59 AM PDT

Tools

Related Stories: New Excel zero-day flaw used in attacks
June 16, 2006; Microsoft plugs 21 security holes
June 13, 2006; Bumper crop of Microsoft patches on the way
June 8, 2006

An "extremely critical flaw" in Microsoft Word 2000 is currently being exploited by malicious attackers, which could lead to remote execution of code on a user's system, security researcher Secunia advised Tuesday.

The vulnerability affects systems running Windows 2000 and occurs when processing malicious Word 2000 documents, according to Secunia's security advisory.

Security company Symantec, which several days ago detected the exploit, Trojan MDropper.Q, noted that it uses a two-step attack.

Trojan MDropper.Q exploits the Microsoft Word vulnerability to drop another file, a new variant of Backdoor.Femo, according to a security advisory by Symantec.

"As with other recent (Microsoft) Office vulnerabilities, documents incorporating the exploit code must be opened with a vulnerable copy of Microsoft Word 2000 for it to work," Symantec's advisory stated. "As such, it makes the vulnerability unsuitable for the creation of self-replicating network worms."

Microsoft has not yet issued a patch for the vulnerability, and users are advised to forgo opening untrusted documents.

This latest exploit of an Office vulnerability follows on the heels of a similar malicious attack in June. In that particular case, users' systems would become infected when opening a malicious Excel document called "okN.xls." That malicious file contained the Trojan horse Mdropper.J, which then dropped the Booli.A program on a user's system. Booli.A would then download more malicious files to the user's PC.

More from News.com on this story's topics: Flaws
RSS feed; Patches
RSS feed; Security threats
Create an email alert | RSS feed; Microsoft Office
Create an email alert | RSS feed; Microsoft
Create an email alert | RSS feed

See more CNET content tagged:
Microsoft Word 2000, trojan horse, vulnerability, Microsoft Word, Symantec Corp.

Add a Comment (Log in or register) 44 comments (Page 1 of 2)

Word 2000?
by roger.d.miller September 5, 2006 8:37 AM PDT: Word 2000. Who uses that?; Reply to this comment View all 3 replies
Processing

Hard to imagine...
by jwarren.carroll September 5, 2006 10:23 AM PDT: This as a really big threat since:

a.) You have to be running Word2k on a Win2k box
b.) You have to open a "malicious" word document
c.) It is not really a virus, but a backdoor allowing (probably) remote access to your PC

I don't know about you guys, but I don't make it a habit of opening random word documents off the internet that reek of malicious intent. But hey, if you DO decide to open that "10 ways to increase your potency in bed" document off of limewire, or that atachment in your e-mail inbox from LonleyWife, or HotMilf, then you deserve to have your computer infected.

I know this doesn't excuse the fact that there is a security flaw, but software development is an imperfect art. Anybody who thinks otherwise has never, ever coded a single line of code and compiled it.; Reply to this comment View all 2 replies
Processing

Word 2000
by poisond September 5, 2006 10:37 AM PDT: I still use Word 2000, I have both 2003 and XP versions but have uninstalled them and kept 2000 because its faster and does everything I want.; Reply to this comment

WordPerfect or OpenOffice.
by System Tyrant September 5, 2006 2:35 PM PDT: I post this with a big ol' smile on my face. Not because of a Microsoft exploit or because I wan't people to switch to OpenOffice or WordPerfect. The smile is because anybody who believes the need a full blown office suite or even a powerful document editor is probably just smoking something they shouldn't be.

Sure there is a need for some to use more powerful document editors, but most people don't need it. We use WordPerfect in my office, but the truth is for most of them here Wordpad would be fine. We would probably use Word, but WordPerfect works great, does all we need, and cost less than Microsoft Office. We could use OpenOffice, but we don't.

If you own Word or WordPerfect and all you do is type then you wasted your money. Next time download OpenOffice or just use wordpad.

As far a security goes I just say keep or AV upto date and your firewall active. All software has flaws, even open source ones.; Reply to this comment View reply
Processing

Figures, more Microgarbage
by Mergatroid Mania September 5, 2006 3:48 PM PDT: Why would anyone made a "word processor" that can "execute code"?

This is the problem. If it was a word processor, there would be no way to execute code on it. But, since the company that put it out (we all know who that is) decides in their wisdom that their word processor should actually be some kind of high level programming language (in addition to a word processor), we get problems like this. Other companies have jumped on the bandwagon too, and now you have a hard time finding a simple ordinary word processing program. Even if you did, it wouldn't be able to open the letter you just got from your mom because she used one of the bloated popular programs.
This is why the software in question will never be installed on my computer. How in the world can anyone, and I mean ANYONE, justify a WORDPROCESSOR being a security risk?
This is one of the MANY reasons why I have to HOLD MY NOSE while I'm using my PC.

I'm really hoping, before I die, to see Linux with some kind of directx emulator or something. If that happened, I'd drop MS and NEVER BUY ANOTHER ONE OF THEIR PRODUCTS EVER.

Fat Chance.; Reply to this comment View reply
Processing

Another day, another M$ vulnerability...
by extinctone September 5, 2006 4:00 PM PDT: When will these people learn, the single most effective defense is never use Microsoft products.; Reply to this comment

Extremely critical????
by herby67 September 5, 2006 7:06 PM PDT: In the computing security word it is accepted that a "Critical" flaw is one that allows for automated propagation of a threat. There's no accepted definition for "Extremely Critical" but it would definitely be something more critical than "Critical". This vulnerability doesn't allow for that. In most vulnerability assessment schemes it would only rank as "Important" or something on that order. But definitely not "Extremely Critical". Now tell me why a not critical vulnerability for an extremely old version (Word XP and Word 2003 are quite major releases for Word, and Word 2007 is due in a few months) of a Word Processor is front page news...; Reply to this comment View all 2 replies
Processing

What to do
by thedreaming September 6, 2006 7:17 AM PDT: If you have use the affected office software, have it patched right away and get on with your life. Don't swallow the hype here at cnet where every little security flaw or exploit is celebrated like the end of the world. It's not.; Reply to this comment

Sigh
by Gino Deblauwe September 6, 2006 9:28 AM PDT: How many different people in different threads have to say to you "YOU DON'T HAVE A CLUE"

* Read a bit (not only on M$ fansites)
* Talk to normal people (end users) about their problems to learn their needs
* Talk to people from small companies to learn their needs
* Talk to people from internationals to learn their needs
* Learn C/C++ and see what it can do with little resources and compare it with the same in .NET or VB
* Test a lot (Try for instance a good linux distro, perhaps Gentoo? Or Borrow an old MAC (8 years old and still running, or something like that))

Combine the things you learned with an open mind, and then come back with a funded reply. I saw your name in countless ridiculous comments in the last weeks. I just can tell you 1 thing: you know jack **** about PC's; Reply to this comment View reply
Processing

We do.
by totorototoro September 6, 2006 10:55 AM PDT: We still use Office 2000. It has all the features we need. Several of our machines have Office XP, because they shipped with it installed, but there are no compelling reasons for us to upgrade all of our machines to it. MS has extended support for Office 2000 until 2009.; Reply to this comment