A hacked PowerPoint file, circulated as an e-mail attachment, exploits the client-side vulnerability by elevating privileges and installing a dropper that can create a backdoor.

The vulnerability is the third exploit found in the last five months and is yet to be patched.

Trend Micro Australia premium services manager Adam Biviano said malware is often released after Microsoft's 'patch Tuesday' to give the applications maximum exposure prior to detection.

"It is well known that Microsoft issues its patches on the second Tuesday of each month, and that out-of-cycle patches are only processed and released in very extreme cases," Biviano said. "With this knowledge, malware writers keep their exploits secret until after the monthly update, [therefore] their attack can remain active for up to a full month which increases their odds for success."

Biviano said zero-day attacks are silent, using vulnerabilities to create backdoors for botnet infection.