Word again at risk from exploit

Patched state lasts two days as new vulnerability found

Just days after Microsoft released a bundle of patches covering numerous serious security flaws in its Word and other Office programs, yet another vulnerability is threatening users of Word documents.

Advertise on www.virusbtn.com

The latest zero-day flaw, much like the series of earlier ones, can be exploited by a maliciously formed document to take advantage of a parsing error, cause memory corruption and potentially execute code, leading to remote system access. Users, after a few hours of feeling secure, are advised to exercise caution when opening Word documents, and to ignore any documents received unexpectedly or from untrusted sources.

Microsoft's advisory on the vulnerability and exploit - which, once again, is described as in use only for 'very limited, targeted attacks', is here, and an alert from Secunia can be found here.

Microsoft has informed users of its OneCare software that, unlike some previous issues, protection has been added for exploits using the vulnerability.

16 February 2007

Tags:    del.icio.us  digg this! digg this


Poll

Who in your company is responsible for installing software patches?
System administrators
End users
I don't know

Leave a comment

Jobs Career Sidebar

Virus Bulletin

In this month's magazine:
  • Welcome to 2009
  • Anti-unpacker tricks – part two
  • A day in the life of an average user
  • Advancing malware techniques 2008
  • VB2009 Geneva: call for papers
  • MicroWorld eScan Internet Security Suite 10
  • Introducing VB anti-spam testing
Virus Bulletin 01 2009
Subscribe now!
Virus Bulletin currently has 148,295 registered users.