SANS Internet Storm Center today received reports that a new zero-day exploit in Microsoft Word is being used to compromise users’ computers. The flaw in Word allows attackers to execute malicious code when the infected Word document is opened.
"Michael," who reported the vulnerability, states:
"The exploit functioned as a dropper, extracting a Trojan byte-for-byte from the host file when executed. After extracting and launching the Trojan, the exploit then overwrote the original Word document with a "clean" (not infected) copy from payload in the original infected document. As a result of the exploit, Word crashes, informs the user of a problem, and offers to attempt to re-open the file. If the user agrees, the new "clean" file is opened without incident."
This news article was written on May 21, 2006, quoting SANS Internet Storm Center.