Researchers at Symantec said they have spotted a trojan taking advantage of a previously patched Microsoft Office vulnerability.
The exploit, which is being used in targeted attacks, arrives as an email that contains a Microsoft Word file and a separate DLL file, a rare combination considering DLL files are not typically sent over email.
“The exploit makes use of an ActiveX control embedded in the Word document file,” senior researcher Joji Hamada wrote Thursday in a blog post. “When the Word document is opened, the ActiveX control calls fputlsat.dll, which has the identical file name as the legitimate DLL file used for the Microsoft Office FrontPage Client Utility LIbrary. If the exploit is successful, malware is dropped onto the system.”
The trojan, dubbed “Activehijack” by Symantec, takes advantage of a vulnerability rated “important” that was patched by Microsoft in September with bulletin MS11-073.
To avoid the exploit, users should ensure they have installed the patch and remain wary of emails that contain DLL files, Hamada said.