Researchers from Security Company Symantec report that they've detected one Trojan exploiting an earlier patched security flaw which's existent within Microsoft Office. SC Magazine published this dated February 9, 2012.
Actually, attackers combine a Word .doc file of Microsoft with another file, which has a .dll extension, to make the attack outstanding vis-à-vis normal personalized assaults. Commonly in personalized assaults, there is a file that installs malicious software. The combined files possibly reach the target after being enclosed into an archive in the form of a file attachment inside an electronic mail. But, while it's usual for finding e-mails sent with Word files enclosed within an archive, it isn't common to find e-mails having DLL file attachments.
Moreover, the exploit in the attack utilizes an ActiveX Control that is implanted within certain Word .doc file, which if viewed, prompts the ActiveX Control to summon fputlsat.dll that is identical to any genuine .dll file in terms of filename wherein a DLL file is utilized for the Client Utility Library of Microsoft Office FrontPage. Meanwhile, in case of a successful exploit, malicious software gets installed onto the computer.
...
