The vulnerability has been reported in Microsoft Word 2000 running on Windows 2000, although other versions of the software may also be affected.
Symantec warned that the flaw is being actively exploited and advised users not to open untrusted Office documents.
The problem is caused by an unspecified error when processing Word documents that could be exploited to execute code when a malicious document is opened.
"Until a vendor-supplied patch is made available and then installed, users should follow safe computing practices and exercise extreme caution when opening unsolicited emails containing Microsoft Office documents," said a statement from Symantec.
The security firm claims to have seen samples of a Trojan that exploits the flaw in the wild, which it detected as Trojan.MDropper.Q.
"This takes advantage of the vulnerability to drop another file onto the target computer. Detected as a Trojan, this dropped file in turn drops another file, which turns out to be new variant of Backdoor.Femo," said Symantec.
Microsoft receives a 30 per cent cut of all purchases on the Xbox digital store
Credit card thieves used Apple ID accounts to buy and sell virtual currency for Clash of Clans and Clash Royale and Marvel Contest of Champions
$5.1bn fine further evidence that the EU is anti-US, claims Trump
New cable will connect Virginia to France