May 19, 2006 11:32 AM PDT

Zero-day Word flaw used in attack

By Joris Evers
Staff Writer, CNET News

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
Email
Print

Related Stories: Bounty for Vista coders who squish bugs at home
May 12, 2006; Microsoft probes Outlook Express patch trouble
April 20, 2006; Microsoft fixes Office, Windows flaws
March 14, 2006; More WMF problems for Microsoft
January 9, 2006; Microsoft to hunt for new species of Windows bug
January 9, 2006

A new, yet-to-be-fixed security hole in Microsoft Word exposes computer users to cyberattack, Symantec warned Friday.

Would-be intruders already have attempted to compromise PCs at a Japanese government entity by exploiting the flaw, Vincent Weafer, the senior director at Symantec Security Response, said in an interview. In response, Symantec has raised its ThreatCon to Level 2, which means an outbreak is expected.

"What we're seeing is a continuation of the targeted threat using zero-day vulnerabilities," Weafer said. (Zero-day flaws are ones for which no patch exists.) "We got it from a single large customer inside Japan. We have not seen anyone else get it."

Microsoft is readying a security update for Word that repairs this vulnerability, a company representative said in an e-mailed statement. The fix is scheduled to be released as part of the June 13 security updates, or sooner, if warranted, the representative said.

The malicious software arrives as a Microsoft Word file attachment to an e-mail message. When the document is opened by the user, the vulnerability is triggered. In the Japanese case, the Word document actually displayed some text related to a treaty with China, but while the text was displayed, a backdoor was installed on the system, Weafer said. Backdoor software allows intruders to enter computers surreptitiously.

"The backdoor in turn pings an IP address located in Asia. It just pings to say it is available, but then, of course, you have a backdoor on your system," he said.

The vulnerability was confirmed in Word 2003, Symantec said. The malicious file caused Word 2000 to crash, but did not run the malicious payload, it added.

Exploitation of the security hole so far is only known as part of a single, targeted attack, Symantec said. "However, with the disclosure of this previously unknown vulnerability, new attackers may begin to exploit it in a widespread manner," the Cupertino, Calif., security company said in an advisory sent to customers.

The targeted attack can bypass spam filters, and Symantec's antivirus software doesn't yet detect the particular Word file as malicious, Weafer said. "We are looking at the vulnerability itself, in terms of generic blocking," he said, adding that the security software does detect the backdoor and the installer of the backdoor.

Microsoft and Symantec urge caution in the opening of Word documents received as an unexpected e-mail attachment.

See more CNET content tagged:
back door, Symantec Corp., Microsoft Word, vulnerability, flaw

Add a Comment (Log in or register) 6 comments

This should be fun!
by J_Satch May 19, 2006 12:00 PM PDT: Ok, everybody jump in!; Reply to this comment

Protection from Threat
by wxguy May 19, 2006 12:24 PM PDT: I would assume that business users behind a firewall and home user behind a router are protected from the back door since a port needs to be opened in order to gain access to the back door.; Reply to this comment View reply
Processing

protection
by dragonbite May 19, 2006 12:50 PM PDT: Isn't the protection for this the same as it is for other virus' ... don't open email attachments (unless from somebody you know AND you are expecting one)?

Could just wait to open that email until the virus definition is passed out, or you find out from the person themselves that it's legit.; Reply to this comment

Solution
by stacksmasher May 21, 2006 8:36 AM PDT: Solution = Linux; Reply to this comment

So...where can I see the flaw?
by Jim Hubbard May 23, 2006 10:05 PM PDT: How can I be sure that my antivirus software will portect me?

Is this something that can't be fixed? Is that why MS recommends "Safe mode"?

How can a Word doc contain installer code (or code period) that can't be seen by antivirus products or Word itself?; Reply to this comment

Latest tech news headlines

What you can--and can't--find about Palin on the Internet
Posted in News - Politics and Law by Stephanie Condon

September 4, 2008 10:20 PM PDT
Michael Moore plans Net-only film premiere
Posted in News - Digital Media by Steven Musil

September 4, 2008 9:20 PM PDT
McCain talks up oil drilling, green energy
Posted in News - Politics and Law by Declan McCullagh

September 4, 2008 9:11 PM PDT

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

Nanotech: The Circuits Blog
Timing rumors surface for AMD plant spin-off
Rumors persist that Advanced Micro Devices is planning to spin off all or part of its manufacturing operations.
Gallery
Photos: Ron Paul's RNC alternative
As the Republican convention took place just miles away, a crowd rallied for the former presidential candidate and his message of limited government, ensured civil liberties, lower taxes, and peace.
Digital Noise: Music and Tech
Was 1980s music that bad?
NPR asks listeners which year featured the best music, and the 1980s emerge as a bleak era. Personally, the '80s figure prominently in my collection, but well behind the 1970s.
Beyond Binary
Microsoft begins big ad push
Microsoft's multi-year push, estimated at $300 million, begins with a spot featuring Bill Gates and Jerry Seinfeld aired during Thursday's NFL game.
Video
YouTube plays party politics
During the presidential campaigning four years ago, YouTube didn't even exist. Now it's a tool candidates must master to get their message across. CNET's Kara Tsuboi stops by the YouTube upload booths at the Democratic and Republican conventions to find out why Google's video site has such a big presence in Denver and St. Paul, Minn.
News - Digital Media
Michael Moore plans Net-only film premiere
Filmmaker plans to premiere his latest documentary exclusively on the Internet for free, forgoing the traditional theatrical release.
Video
Political party playlists
We know the Democrats and Republicans are split over policy issues, but does their musical taste fall down party lines too? And what kind of gadgets did they bring to the conventions to listen to their music? CNET reporter Kara Tsuboi finds out.
News - Politics and Law
What you can--and can't--find about Palin on the Internet
John McCain's choice of Sarah Palin as a running mate has inspired a wealth of creativity on the Internet.
News - Cutting Edge
Execs predict next Google-like tech
On eve of company's 10-year anniversary, researchers and business pundits speculate about what technologies might someday have as much impact as Google.
Gallery
Photos: The brains behind Google Chrome
Here's a look at some of the engineers and executives who took the stage at the company's headquarters as they unveiled the new browser.
Crossfade
Ying Yang Twins, 'Look Back At It': Free MP3 of the Day
This amped-up duo gets the party started with a mix of crisp, Southern hip-hop beats and shout-along rhymes. Download a free MP3 of "Look Back At It" courtesy of CNET Download Music.
Green Tech
Clean-tech group forms to support Obama
"Clean Tech and Green Business for Obama" aims to raise $1 million for the Democratic presidential nominee while elevating issues of climate change and alternative energy.