It appears to be exploiting a bug on MSO.DLL, a shared library used by Office applications

Feb 8, 2007 09:20 GMT

Symantec has dissected the fifth unpatched zero-day vulnerability from Microsoft. The Redmond company has acknowledged the existence of a flaw in Office that could allow remote code execution in the event of a successful exploit. But Microsoft's details were scarce, to say the least, apart from pointing out that Microsoft Office 2000, Microsoft Office XP, Microsoft Office 2003, and Microsoft Office 2004 for Mac were all affected by the vulnerability.

"Security Response has analysed a sample of a malicious Microsoft Excel file that appears to be exploiting the vulnerability that is hinted at in that Advisory. Fully patched versions of Office 2000, XP, and 2003 appear to be vulnerable to this exploit," revealed Amado Hidalgo, Symantec Sr. Security Response Manager.

The vulnerability was initially associated with malformed Microsoft Excel documents. Symantec revealed that compromised files, upon execution, drop a back door Trojan onto the computer. The Cupertino-based security company said that it detects the malicious Microsoft Excel documents as Trojan.Mdropper.Y. After infecting the computer, the back door Trojan (detected as Backdoor.Bias) tries to contact a server in order to facilitate remote access to the victim's machine.

"It appears to be exploiting a bug on MSO.DLL, a shared library used by Office applications, so as Microsoft indicated in the advisory, it could affect other Office applications. However, to date, we have only seen it execute on Excel. As this vulnerability has not been patched yet, you should be extra careful and refrain from opening Office files received from untrusted sources," added Hidalgo.