
Microsoft is on track to set a new record for the largest collection of unpatched Word vulnerabilities. In the shadow of the launch of Windows Vista and the 2007 Office System, Symantec is reporting what it believes to be the fifth zero-day Word vulnerability.
"We have received some additional Word documents that exploit an unpatched Microsoft Word vulnerability. These documents are detected as Trojan.Mdropper.X. We believe this is a new vulnerability, making it the fifth currently unpatched Office file format vulnerability. While these documents are being used in a targeted attack consistent with previous cases, we have received different documents that use this same exploit from multiple organizations," revealed Eric Chien, Symantec Security Response Engineer.
Chien said that malicious Word documents have been crafted for use in attacks directed at multiple organizations worldwide. According to Symantec, the malformed Word files are tailored to the language and content specific to each organization.
"The vulnerability could be a slight variation or may be covered by the existing CVEs and we are awaiting confirmation from Microsoft Security Response Center. Nevertheless, no patches appear to be available, so, as always, be careful opening unsolicited Word documents," added Chien.
If Microsoft does confirm the validity of this new vulnerability, the zero-day will add to the Word 2000 flaw reported last week and to the three vulnerabilities that have gone unpatched since December 2006.