Microsoft Word Zero-day Exploit Steals Passwords

last Tuesday, a vulnerability was reported in Microsoft Word that could allow remote code execution by means of a specially crafted file.

And now, Microsoft has acknowledged another bug in Microsoft Word, which can also be exploited through specially crafted files. The company said the newest flaw is unrelated to the first vulnerability, but that it is being investigated.

The first vulnerability affects Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v. X for Mac. Apart from Microsoft Word, the vulnerability also affects programs, including Microsoft Word Viewer 2003, and Microsoft Works 2004, 2005, and 2006.

The second flaw meanwhile, affects Word 2000, 2002, 2003, and Word Viewer 2003. Just that the newly released Microsoft Word 2007 is spared by this bug.

Scott Deacon from the Microsoft Security Response Center (MSRC) wrote on a MSRC Blog that from initial reports and investigation, it can be confirmed that the second vulnerability is being exploited on a very, very, limited and targeted basis.

However, Deacon adds that a successful attack would require a user to either open a Word document attached to a malicious email, or to download a Word file from a Web site, and that this could completely compromise the PC.

Meanwhile, security major, McAfee, has reported spotting attackers planting a password-stealing Trojan horse named "PWS-Agent.g" using the latest Word exploit. According to McAfee, the Trojan steals passwords from Internet Explorer, Firefox, and POP3 email clients. Another security firm, Secunia, has ranked the second Word bug as "extremely critical", just like last week's flaw.

As per Microsoft's advance notice of patches it plans to release today, neither of these Word flaws will be fixed this month. However, as a precautionary measure, the company advises users not to open files from unfamiliar sources.

UPDATE:14/12/2006

Microsoft Corp has patched 11 security vulnerabilities, which mostly threatened Windows, by releasing seven security updates, three of which were rated in the highest-risk category of 'critical.'

However, industry watchers say two additional critical flaws in Microsoft Word, including one released only a few days ago, have yet to be patched. These are zero-day flaws, which potentially enable a cyber criminal to take control of a user's entire system. Successful hackers would gain the same user or administrative privileges as its victim. The second of these uncontained flaws was released on December 5.