Word flaw hit with zero-day attack

An "extremely critical flaw" in Microsoft Word 2000 is currently being exploited by malicious attackers, which could lead to remote execution of code on a user's system, security researcher Secunia advised Tuesday.

The vulnerability affects systems running Windows 2000 and occurs when processing malicious Word 2000 documents, according to Secunia's security advisory.

Security company Symantec, which several days ago detected the exploit, Trojan MDropper.Q, noted that it uses a two-step attack.

Trojan MDropper.Q exploits the Microsoft Word vulnerability to drop another file, a new variant of Backdoor.Femo, according to a security advisory by Symantec.

"As with other recent (Microsoft) Office vulnerabilities, documents incorporating the exploit code must be opened with a vulnerable copy of Microsoft Word 2000 for it to work," Symantec's advisory stated. "As such, it makes the vulnerability unsuitable for the creation of self-replicating network worms."

Microsoft has not yet issued a patch for the vulnerability, and users are advised to forgo opening untrusted documents.

This latest exploit of an Office vulnerability follows on the heels of a similar malicious attack in June. In that particular case, users' systems would become infected when opening a malicious Excel document called "okN.xls." That malicious file contained the Trojan horse Mdropper.J, which then dropped the Booli.A program on a user's system. Booli.A would then download more malicious files to the user's PC.

More from News.com on this story's topics

Flaws

RSS feed

Patches

RSS feed

Security threats

Create an email alert | RSS feed

Microsoft Office

Create an email alert | RSS feed

Microsoft

Create an email alert | RSS feed

See more CNET content tagged:
Microsoft Word 2000, trojan horse, vulnerability, Microsoft Word, Symantec Corp.

Add a Comment (Log in or register) 44 comments (Page 1 of 2)
Word 2000?
by roger.d.miller September 5, 2006 8:37 AM PDT
Word 2000. Who uses that?
Reply to this comment View all 3 replies
Hard to imagine...
by jwarren.carroll September 5, 2006 10:23 AM PDT
This as a really big threat since:

a.) You have to be running Word2k on a Win2k box
b.) You have to open a "malicious" word document
c.) It is not really a virus, but a backdoor allowing (probably) remote access to your PC

I don't know about you guys, but I don't make it a habit of opening random word documents off the internet that reek of malicious intent. But hey, if you DO decide to open that "10 ways to increase your potency in bed" document off of limewire, or that atachment in your e-mail inbox from LonleyWife, or HotMilf, then you deserve to have your computer infected.

I know this doesn't excuse the fact that there is a security flaw, but software development is an imperfect art. Anybody who thinks otherwise has never, ever coded a single line of code and compiled it.
Reply to this comment View all 2 replies
Word 2000
by poisond September 5, 2006 10:37 AM PDT
I still use Word 2000, I have both 2003 and XP versions but have uninstalled them and kept 2000 because its faster and does everything I want.
Reply to this comment
WordPerfect or OpenOffice.
by System Tyrant September 5, 2006 2:35 PM PDT
I post this with a big ol' smile on my face. Not because of a Microsoft exploit or because I wan't people to switch to OpenOffice or WordPerfect. The smile is because anybody who believes the need a full blown office suite or even a powerful document editor is probably just smoking something they shouldn't be.

Sure there is a need for some to use more powerful document editors, but most people don't need it. We use WordPerfect in my office, but the truth is for most of them here Wordpad would be fine. We would probably use Word, but WordPerfect works great, does all we need, and cost less than Microsoft Office. We could use OpenOffice, but we don't.

If you own Word or WordPerfect and all you do is type then you wasted your money. Next time download OpenOffice or just use wordpad.

As far a security goes I just say keep or AV upto date and your firewall active. All software has flaws, even open source ones.
Reply to this comment View reply
Figures, more Microgarbage
by Mergatroid Mania September 5, 2006 3:48 PM PDT
Why would anyone made a "word processor" that can "execute code"?

This is the problem. If it was a word processor, there would be no way to execute code on it. But, since the company that put it out (we all know who that is) decides in their wisdom that their word processor should actually be some kind of high level programming language (in addition to a word processor), we get problems like this. Other companies have jumped on the bandwagon too, and now you have a hard time finding a simple ordinary word processing program. Even if you did, it wouldn't be able to open the letter you just got from your mom because she used one of the bloated popular programs.
This is why the software in question will never be installed on my computer. How in the world can anyone, and I mean ANYONE, justify a WORDPROCESSOR being a security risk?
This is one of the MANY reasons why I have to HOLD MY NOSE while I'm using my PC.

I'm really hoping, before I die, to see Linux with some kind of directx emulator or something. If that happened, I'd drop MS and NEVER BUY ANOTHER ONE OF THEIR PRODUCTS EVER.

Fat Chance.
Reply to this comment View reply
Another day, another M$ vulnerability...
by extinctone September 5, 2006 4:00 PM PDT
When will these people learn, the single most effective defense is never use Microsoft products.
Reply to this comment
Extremely critical????
by herby67 September 5, 2006 7:06 PM PDT
In the computing security word it is accepted that a "Critical" flaw is one that allows for automated propagation of a threat. There's no accepted definition for "Extremely Critical" but it would definitely be something more critical than "Critical". This vulnerability doesn't allow for that. In most vulnerability assessment schemes it would only rank as "Important" or something on that order. But definitely not "Extremely Critical". Now tell me why a not critical vulnerability for an extremely old version (Word XP and Word 2003 are quite major releases for Word, and Word 2007 is due in a few months) of a Word Processor is front page news...
Reply to this comment View all 2 replies
What to do
by thedreaming September 6, 2006 7:17 AM PDT
If you have use the affected office software, have it patched right away and get on with your life. Don't swallow the hype here at cnet where every little security flaw or exploit is celebrated like the end of the world. It's not.
Reply to this comment
Sigh
by Gino Deblauwe September 6, 2006 9:28 AM PDT
How many different people in different threads have to say to you "YOU DON'T HAVE A CLUE"

* Read a bit (not only on M$ fansites)
* Talk to normal people (end users) about their problems to learn their needs
* Talk to people from small companies to learn their needs
* Talk to people from internationals to learn their needs
* Learn C/C++ and see what it can do with little resources and compare it with the same in .NET or VB
* Test a lot (Try for instance a good linux distro, perhaps Gentoo? Or Borrow an old MAC (8 years old and still running, or something like that))

Combine the things you learned with an open mind, and then come back with a funded reply. I saw your name in countless ridiculous comments in the last weeks. I just can tell you 1 thing: you know jack **** about PC's
Reply to this comment View reply
We do.
by totorototoro September 6, 2006 10:55 AM PDT
We still use Office 2000. It has all the features we need. Several of our machines have Office XP, because they shipped with it installed, but there are no compelling reasons for us to upgrade all of our machines to it. MS has extended support for Office 2000 until 2009.
Reply to this comment
1 | 2 | Next 10 Comments >>
Powered by Jive Software
advertisement
RSS Feeds
Add headlines from CNET News.com to your homepage or feedreader.
Google
Yahoo
MSN
More feeds available in our RSS feed index.

Latest tech news headlines

Most Popular Stories
Google's search secret: It gets rid of you
Developer creates copy-paste tech for iPhone
Will Wright on the origins of 'Spore'
Palm Treo Pro: Not digging it
American Airlines launches in-flight Wi-Fi
Markets

Market news, charts, SEC filings, and more

Related quotes

Microsoft (-0.40%) -0.11 27.18
Dow Jones Industrials (0.11%) 12.78 11,430.21
S&P 500 (0.25%) 3.18 1,277.72
NASDAQ (0.00%) 0.00 1,816.15
CNET TECH (-0.11%) -1.71 1,629.09
  Symbol Lookup
advertisement
On MovieTome: SEX AND THE CITY clips are here!
Advanced
search
Advanced
search
Visit other CBS Interactive sites