MS Word zero-day exploit seen in wild

Microsoft warns of attacks using vulnerability.

Microsoft has issued a security bulletin warning of a serious vulnerability discovered in several versions of Microsoft Word and related products, including Mac editions and the Word 2003 Viewer. The vulnerability is believed to be in use by at least one exploit in the wild.

Advertise on www.virusbtn.com

Further details of the nature of the vulnerability are not yet available, except that it can be used to cause memory corruption and arbitrary code execution, potentially allowing remote system access. Users are advised to exercise caution and avoid opening unexpected Word documents.

The alert is issued just a week before the monthly Patch Tuesday round of Microsoft updates; however, as the CVE entry for the vulnerability (here) is marked as having been 'assigned' over two weeks ago, Microsoft appears to have been aware of the issue for adequate time to devise a patch in time for this month's release.

The Microsoft bulletin is here. A Secunia alert, labelled 'extremely critical', is here.

06 December 2006

Tags:    del.icio.us  digg this! digg this

Poll

Should anti-virus software be free for personal use?
Yes
No
I don't know

Leave a comment
View 46 comments
Jobs Recruit Sidebar

VB2009

VB2009 VB2009 will take place 23-25 September 2009 at the Crowne Plaza Geneva, Switzerland. A call for papers will be issued in December.
Virus Bulletin currently has 144,557 registered users.