First time Office documents for MacOS are vulnerable.

New exploit uses old Office vulnerability for OS X malware delivery. Some malware groups have recently been found to be taking advantage of an old, patched vulnerability in Microsoft Office for OS X in an attempt to spread command-and-control malware to OS X systems.

The vulnerability used in the attack was outlined in a Microsoft security bulletin in June 2009, which applied to all versions of Office 2004 version 11.5.4 or earlier, Office 2008 version 12.1.8 or earlier, and OpenXML Converter 1.0.2 or earlier. The vulnerability was patched soon after it was found and currently all supported Office programs are well beyond these versions. However, malware developers are attempting to exploit unpatched systems. These efforts mark the first time Office documents have been used as a vehicle for attacks in OS X. For this attack to work, a person would need to open a maliciously crafted Word file that has likely been distributed via spam and other suspicious means that could easily be avoided. When a maliciously crafted Word file is opened in an unpatched version of Word for Mac, it runs a script that writes the document’s malware payload to the disk and executes a shell script that runs the malware. In addition, it displays a Word document containing a poorly formatted political statement about Tibetan freedoms and grievances.