Word again at risk from exploit

Patched state lasts two days as new vulnerability found

Just days after Microsoft released a bundle of patches covering numerous serious security flaws in its Word and other Office programs, yet another vulnerability is threatening users of Word documents.

VB100

The latest zero-day flaw, much like the series of earlier ones, can be exploited by a maliciously formed document to take advantage of a parsing error, cause memory corruption and potentially execute code, leading to remote system access. Users, after a few hours of feeling secure, are advised to exercise caution when opening Word documents, and to ignore any documents received unexpectedly or from untrusted sources.

Microsoft's advisory on the vulnerability and exploit - which, once again, is described as in use only for 'very limited, targeted attacks', is here, and an alert from Secunia can be found here.

Microsoft has informed users of its OneCare software that, unlike some previous issues, protection has been added for exploits using the vulnerability.

16 February 2007

Tags:    del.icio.us  digg this! digg this

Poll

How should software and OS patching/security updates be managed?
Manually, at the user's discretion
Automatically via an optional, user-defined schedule
Automatically via a fixed, but optional schedule
Automatically via a fixed schedule, on by default with opt-out system
Automatically and silently, with no option to run unpatched

Leave a comment
View 19 comments
Jobs Recruit Sidebar

VB2009

VB2009 VB2009 will take place 23-25 September 2009 at the Crowne Plaza Geneva, Switzerland.
Virus Bulletin currently has 165,645 registered users.