Sunday, May 21, 2006

New MS Word zero day vulnerability.

The Internet Storm Center is reporting a new zero day vulnerability in Microsoft Word. I don't yet know if the exploit is being widely used. However, early reports indicate a limited, targeted, attack something I predicted about a year ago now. Malware which spreads via email is exploiting the vulnerability as a specially crafted MS-Word doc attachment. If the attachment is launched, this triggers a process which results in a backdoor being installed. So, it's a new vulnerability, and new malware targeting that vulnerability, but as far as we know, it's not being widely exploited at the moment. It's called W32/Ginwui by most AV-labs or vendors.