Symantec warns of new Word attack

... Content suppressed by ://URLFAN, for full article visit source ...

Symantec warned of the attack Tuesday, saying on its Web site that it had seen attackers exploiting "what is possibly an undisclosed vulnerability affecting Microsoft Word."

... Content suppressed by ://URLFAN, for full article visit source ...

In a security advisory, published late Tuesday, Microsoft said that Microsoft Office Word 2002 Service Pack 3 was vulnerable to the flaw. "Our initial investigation indicates that customers who use all other supported versions of Microsoft Office Word, Microsoft Office Word Viewer, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, and Microsoft Office for Mac are not affected," the advisory states.

There have been "limited, targeted attacks attempting to use the reported vulnerability," said Microsoft spokesman Bill Sisk [cq] in a blog posting.

... Content suppressed by ://URLFAN, for full article visit source ...

In this case, the malicious code is a Trojan horse program, called Backdoor.Darkmoon, which logs the victim's keystrokes in order to steal passwords.

... Content suppressed by ://URLFAN, for full article visit source ...

This is the second Microsoft attack reported this week. On Monday, Microsoft said that cybercriminals are exploiting a bug in software used by its Access database program. That flaw lies in the Snapshot Viewer ActiveX control, which ships with "all supported versions of Microsoft Office Access except Microsoft Access 2007," Microsoft said in a security advisory.