Redmond based software giant Microsoft has launched an investigation into the reports of a zero-day attack against its Microsoft Word program.

Anti-virus vendor Symantec, which discovered the vulnerability during an actual live attack,  said it affects multiple versions of Microsoft Word and can be used in successful code execution attacks against users using Microsoft’s Windows 95, Windows 98, Windows Me, Windows 2000, Windows NT, Windows Server 2003 and Windows XP operating systems.

According to a company official, “When the infected Word document is opened, it uses an exploit to drop some files onto the computer. These files are back door Trojans that enable an attacker to gain remote access to your computer.”

The Trojan then checks for Internet connectivity by visiting various Web sites, such as Microsoft, Google or Yahoo and opens a back door on the compromised computer.

It then connects to the pop.newyorkerworld.com domain on TCP port 80 and uses the command prompt specified instructions to carry out basic operations, Symantec said. These could include logging keystrokes or hijacking sensitive documents and uploading them to a remote server.