Word again at risk from exploit
Patched state lasts two days as new vulnerability found
Just days after Microsoft released a bundle of patches covering numerous serious security flaws in its Word and other Office programs, yet another vulnerability is threatening users of Word documents.

The latest zero-day flaw, much like the series of earlier ones, can be exploited by a maliciously formed document to take advantage of a parsing error, cause memory corruption and potentially execute code, leading to remote system access. Users, after a few hours of feeling secure, are advised to exercise caution when opening Word documents, and to ignore any documents received unexpectedly or from untrusted sources.
Microsoft's advisory on the vulnerability and exploit - which, once again, is described as in use only for 'very limited, targeted attacks', is here, and an alert from Secunia can be found here.
Microsoft has informed users of its OneCare software that, unlike some previous issues, protection has been added for exploits using the vulnerability.
16 February 2007
Tags:
del.icio.us
digg this
Poll
How should software and OS patching/security updates be managed?Leave a comment
View 19 comments

VB2009
VB2009 will take place 23-25 September 2009 at the Crowne Plaza Geneva, Switzerland.
Virus Bulletin currently has 165,645 registered users.

