Malware, Patch/Configuration Management, Vulnerability Management

Trojan appears that leverages patched Microsoft Office flaw

Researchers at Symantec said they have spotted a trojan taking advantage of a previously patched Microsoft Office vulnerability.

The exploit, which is being used in targeted attacks, arrives as an email that contains a Microsoft Word file and a separate DLL file, a rare combination considering DLL files are not typically sent over email.

"The exploit makes use of an ActiveX control embedded in the Word document file," senior researcher Joji Hamada wrote Thursday in a blog post. "When the Word document is opened, the ActiveX control calls fputlsat.dll, which has the identical file name as the legitimate DLL file used for the Microsoft Office FrontPage Client Utility LIbrary. If the exploit is successful, malware is dropped onto the system."

The trojan, dubbed "Activehijack" by Symantec, takes advantage of a vulnerability rated "important" that was patched by Microsoft in September with bulletin MS11-073.

To avoid the exploit, users should ensure they have installed the patch and remain wary of emails that contain DLL files, Hamada said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.