A new zero-day vulnerability that affects Microsoft Word 2000 has been discovered, along with a Trojan dropper that installs a backdoor on a user’s computer.
Trojan.MDropper.Q was discovered by anti-virus giant Symantec, and takes advantage of a newly discovered vulnerability in Word 2000 to drop a variant of the Backdoor.Femo backdoor (note: SecurityFocus is owned by Symantec Corporation). Anti-virus firm McAfee also discovered the threat and is calling it a worm known as W32/Mofei.worm.
Similar to other recent Microsoft Office vulnerabilities, dangerous documents containing the dropper must be opened by a user of the application in order to cause harm.Microsoft Office products have seen numerous vulnerabilities exploited in recent months, with over 25 flaws found in 2006 alone.