We’ve seen many threats using vulnerabilities based on Microsoft Office documents over the last year, so it’s no surprise that we have recently observed new samples of a threat that follows the same theme. This threat named Trojan.Mdropper.W is using the new Microsoft Word 2000 Unspecified Code Execution Vulnerability (BID22225) to drop threats onto a compromised computer. When the infected Word document is opened, it uses an exploit to drop some files onto the computer. These files are back door Trojans that enable an attacker to gain remote access to your computer.
This vulnerability comes on the back of three other recent and unpatched Microsoft Word vulnerabilities, which are:
BID21518 (CVE-2006-6456)
BID21451 (CVE-2006-5994)
BID21589 (CVE-2006-6561)
To protect yourself against these threats, do not trust unsolicited files or documents about “interesting” topics. Do not open attachments unless they are expected and come from a known and trusted source.