The vulnerability has been reported in Microsoft Word 2000 running on Windows 2000, although other versions of the software may also be affected.
Symantec warned that the flaw is being actively exploited and advised users not to open untrusted Office documents.
The problem is caused by an unspecified error when processing Word documents that could be exploited to execute code when a malicious document is opened.
"Until a vendor-supplied patch is made available and then installed, users should follow safe computing practices and exercise extreme caution when opening unsolicited emails containing Microsoft Office documents," said a statement from Symantec.
The security firm claims to have seen samples of a Trojan that exploits the flaw in the wild, which it detected as Trojan.MDropper.Q.
"This takes advantage of the vulnerability to drop another file onto the target computer. Detected as a Trojan, this dropped file in turn drops another file, which turns out to be new variant of Backdoor.Femo," said Symantec.
In fear of future shortage - or in preparation for its own electric car project?
New Spectre microcode patches released by Intel to fix security flaws in Skylake, Kaby Lake and Coffee Lake CPUs
But if you're running anything older you'll have to wait
Powered by servers based on Qualcomm's scalable 48-core Centriq 2400 10nm CPUs
Malware has been in circulation for more than a year