The vulnerability has been reported in Microsoft Word 2000 running on Windows 2000, although other versions of the software may also be affected.
Symantec warned that the flaw is being actively exploited and advised users not to open untrusted Office documents.
The problem is caused by an unspecified error when processing Word documents that could be exploited to execute code when a malicious document is opened.
"Until a vendor-supplied patch is made available and then installed, users should follow safe computing practices and exercise extreme caution when opening unsolicited emails containing Microsoft Office documents," said a statement from Symantec.
The security firm claims to have seen samples of a Trojan that exploits the flaw in the wild, which it detected as Trojan.MDropper.Q.
"This takes advantage of the vulnerability to drop another file onto the target computer. Detected as a Trojan, this dropped file in turn drops another file, which turns out to be new variant of Backdoor.Femo," said Symantec.
New Vikendi map adds snow, snowmobiles and new aural and visual twists
Faults and bad weather ground SpaceX, Blue Origin, Arianespace and United Alliance
New regulation expected to cut greenhouse gas emissions by about 17 million metric tonnes between 2020 and 2050
Molybdenum ditelluride is a two-dimensional material that can be easily stacked into multiple layers to create a memory cell