In a previous blog, Symantec reported a new Ichitaro Zero-Day Vulnerability known as the Multiple Ichitaro Products Un-Specified Remote-Code-Execution Vulnerability (C.V.E.-2013-5990). This flaw was being actively exploited In-The-Wild, but the Exploit was not properly working to compromise computers. A week after that, we confirmed a working exploit in multiple incidents which is actually capable of infecting targeted computers with a back door used typically in targeted attacks. The format of the file used to exploit the vulnerability, as was the case in previous attacks, is a rich text format which targets the word processing software Ichitaro, developed by JustSystems.
...
A Patch for the Flaw has already been Released and is Available to Download. If customers have not Applied the Fix yet, we urge them to take the time now to do so.
- Blog: Ichitaro Vulnerability Successfully Exploited In-The-Wild