Today on Security Response Weblog, Symantec revealed the exploit, which could drop a back-door Trojan onto an infected system. The exploit "may enable an attacker to gain remote access to your computer," wrote Amado Hidalgo in the blog post. The malicious code "appears to be exploiting a bug on MSO.DLL," which is an Office shared library, Hidalgo wrote.
In a security bulletin issued on Feb. 2, Microsoft warned that "other Office applications are potentially vulnerable" to the zero-day flaw. Symantec has only seen code that exploits Excel.
The exploit actually uses two different Trojans. The first, Trojan.Mdropper.Y, drops the second, Backdoor.Bias. Symantec has released patches for both Trojans. A signature update for the first one was issued today.
"Fully patched versions of Office 2000, XP and 2003 appear to be vulnerable to this exploit," Hidalgo wrote. Zero-day refers to a flaw for which there is an exploit but no available fix. The Excel flaw is Microsoft's fifth zero-day flaw since December. The zero-day flaw affects Office versions 2000, XP, 2003 and 2004 for the Mac, but not 2007 or Works 2004, 2005 or 2006, according to Microsoft.