MS Word zero-day exploit seen in wild

Microsoft warns of attacks using vulnerability.

Microsoft has issued a security bulletin warning of a serious vulnerability discovered in several versions of Microsoft Word and related products, including Mac editions and the Word 2003 Viewer. The vulnerability is believed to be in use by at least one exploit in the wild.

Further details of the nature of the vulnerability are not yet available, except that it can be used to cause memory corruption and arbitrary code execution, potentially allowing remote system access. Users are advised to exercise caution and avoid opening unexpected Word documents.

The alert is issued just a week before the monthly Patch Tuesday round of Microsoft updates; however, as the CVE entry for the vulnerability (here) is marked as having been 'assigned' over two weeks ago, Microsoft appears to have been aware of the issue for adequate time to devise a patch in time for this month's release.

The Microsoft bulletin is here. A Secunia alert, labelled 'extremely critical', is here.

06 December 2006

Tags: virus del.icio.us digg this