Security Response

Microsoft Word Zero-Day Under Investigation

Created: 06 Dec 2006 08:00:00 GMT • Updated: 23 Jan 2014 18:54:41 GMT

On December 5, 2006, Microsoft announced they were investigating reports of the exploitation of a zero-day vulnerability in Microsoft Word (described in Microsoft Security Advisory 929433). There is very little information available regarding the technical details of this new vulnerability. Symantec Security Response is monitoring the situation and will respond appropriately once further information is known.

At this time, Security Response has seen various malware binaries which may be related to the limited reports noted by Microsoft. These files are detected as "Downloader" by LiveUpdate virus definitions, version 12/6/2006 rev. 16. At least one known downloaded file is detected as Backdoor.HackDefender, using Rapid Release virus definitions, version 12/6/2006 rev. 25.

The standard best practices apply in this situation and as such, caution should be exercised when dealing with unsolicited attachments from unknown, and even known, sources.

UPDATE
The aforementioned "Downloader" detections have been renamed to Downloader.Realog and Downloader.Sniper starting from Rapid Release virus definitions, version 12/6/2006 rev. 53.

FURTHER UPDATE
A heuristic bloodhound detection has been added for this vulnerability, starting with Rapid Release virus definitions version 2006/12/12 rev. 41. Details can be found at Bloodhound.Exploit.106.