New MS Word Zero-day Exploit in the Wild

A new Microsoft Word 2000 zero-day exploit has been found. Microsoft has released a security advisory about this vulnerability, and a patch may be issued this coming February Patch Tuesday.

This vulnerability is present on Word 2000. When opened, a malicious .DOC file may corrupt system memory, allowing a remote user to execute arbitrary code on the affected system. This vulnerability does not affect any other Word versions.

The exploit code is detected by Trend Micro as TROJ_MDROPPER.EQ, and Symantec detects this as Trojan.Mdropper.W.

The usual precautions apply. Do not open email attachments from unknown sources. Update your antivirus apps. Patch your system when patches are available.