Another, different Microsoft Word 0-day vulnerability reported [UPDATED]
A new 0-day vulnerability in Microsoft Word has been reported.
More details available at SANS Internet Storm Center Diary:
Microsoft has confirmed via MSRC that this is a different vulnerability than the following issue reported earlier this week:
www.microsoft.com/technet/security/advisory/929433.mspx (related FAQ document here).
Word 2003, Word 2002 and Word Viewer 2003 are reportedly affected.
UPDATE: Microsoft lists Word version 2000 as vulnerable too.
The vulnerability is also being exploited (i.e. in typical targeted attacks).
A password-stealing Trojan spreads using this vulnerability; see the McAfee PWS-Agent.g writeup.
Update 14th Dec: Symantec reports that the malicious Word document is named QUESTION.DOC.