January 2007
New Unpatched Vulnerability in Microsoft Word
ID: 00053
Ref: 50/2007
Date: 29 January 2007:14:30:27
Version: 1
Title: New Unpatched Vulnerability in Microsoft Word
Abstract: US-CERT is investigating reports of a new Microsoft Word vulnerability affecting Word 2000 and Word 2003/XP. Symantec published an alert indicating that the vulnerability could be exploited to allow an attacker to execute arbitrary code in the context of the user who is logged in. The alert indicated that exploitation is occurring in the wild.
Vendors affected: Microsoft
Operating systems affected: Microsoft
Applications affected: Microsoft
Detail
======
US-CERT is investigating reports of a new Microsoft Word vulnerability affecting Word 2000 and Word 2003/XP. Symantec published an alert indicating that the vulnerability could be exploited to allow an attacker to execute arbitrary code in the context of the user who is logged in. The alert indicated that exploitation is occurring in the wild.
Initial reports indicate that the attack is initiated with an infected Word document that, once opened, installs a Trojan onto the infected system.
The Trojan, identified by Symantec as Trojan.Mdropper.W, installs additional malware and opens a backdoor by which the compromised system can be controlled.
US-CERT recommends the following actions to help mitigate the security risks:
- Do not open untrusted Word documents or attachments from unsolicited email messages.
- Disable automatic opening of Microsoft Office documents.
- Do not rely on file name extensions as a way to securely filter against malicious files.
- Install anti-virus software and keep its virus signature files up-to-date.
- Save and scan any attachments before opening them.
- Limit user privileges so that users do not have administrator rights.
US-CERT will continue to investigate and provide additional information as it becomes available.
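Added example, not part of the US-CERT advisory: a content-based check illustrating the recommendation not to rely on file name extensions, which classifies an attachment by its leading bytes and reports when a name-based filter would have missed it. The extension set, function names and sample attachments are assumptions constructed for illustration.

```python
import os

# Well-known leading-byte signatures of the formats Word 2000-2003 opens.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound file (.doc, .xls, .ppt)
RTF_MAGIC = b"{\\rt"  # prefix of "{\rtf"; matched broadly on purpose

# Assumption: the extensions a name-based attachment filter would look for.
EXTENSION_FILTER = {".doc", ".dot", ".rtf", ".xls", ".ppt"}


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(RTF_MAGIC):
        return "rtf"
    return "other"


def triage(filename: str, data: bytes) -> dict:
    """Decide whether an attachment must be held for anti-virus scanning.

    Content decides; the extension can only add files to the scan set,
    never remove them.
    """
    ext = os.path.splitext(filename)[1].lower()
    kind = sniff(data)
    by_content = kind != "other"
    by_extension = ext in EXTENSION_FILTER
    return {
        "kind": kind,
        "scan": by_content or by_extension,
        "missed_by_extension_filter": by_content and not by_extension,
    }


# Constructed sample attachments (headers only, no real document content).
SAMPLES = [
    ("invoice.doc", OLE2_MAGIC + b"\x00" * 24),
    ("notes.txt", OLE2_MAGIC + b"\x00" * 24),
    ("photo.jpg", b"{\\rtf1\\ansi constructed}"),
    ("readme.txt", b"plain text, constructed"),
]

if __name__ == "__main__":
    for name, blob in SAMPLES:
        print(name, triage(name, blob))
```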
More information:
US-CERT
http://www.us-cert.gov/current/current_activity.html#mswddrpr0d
Microsoft Security Advisory 932114
http://www.microsoft.com/technet/security/advisory/932114.mspx
Symantec - Trojan.Mdropper.W
http://www.symantec.com/security_response/writeup.jsp?docid=2007-011813-0435-99&tabid=1