SOURCE: BitDefender

July 10, 2008 15:15 ET

BitDefender Protects Against Zero-Day Microsoft Word Bug

Unpatched Word Exploit Affects Microsoft® Word 2002 SP3

BUCHAREST, ROMANIA--(Marketwire - July 10, 2008) - BitDefender Labs released a signature update to protect clients against the latest unpatched Microsoft® Word exploit. The vulnerability affects Word 2002 SP3 and could be exploited by an attacker to "gain the same user rights as the local user," according to Microsoft.

The exploit is already being used in the wild.

"The samples we retrieved were already being detected as malicious by BitDefender software, as the exploit was being used to drop a malicious executable file that we had already signed," explained Senior BitDefender AV Researcher Attila Balazs. "As of this morning, we've also added detection for the exploit itself, blocking this avenue of attack against our clients once and for all."

The dropped component is a backdoor detected by BitDefender as Backdoor.PoisonIvy.CV. Once installed, PoisonIvy grants complete control over the affected computer to an attacker.

Malicious files containing the exploit are detected by BitDefender as Exploit.Word.MS-953635.A. The vulnerability itself is detailed in Microsoft Security Advisory 953635. An analysis of the PoisonIvy backdoor variant used in the attacks is ongoing and will be published on the BitDefender website as soon as possible.

For more information, visit the BitDefender Defense Center at

About BitDefender®

BitDefender is the creator of one of the industry's fastest and most effective lines of internationally certified security software. Since our inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention. Every day, BitDefender protects tens of millions of home and corporate users across the globe -- giving them the peace of mind of knowing that their digital experiences will be secure. BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in more than 100 countries worldwide. More information is available on our security solutions' site.