Zero Day Microsoft Word Unspecified Code Execution Vulnerability
Saturday, 20 May 2006 by Michel Roth
Heads up! Secunia reports that a vulnerability has been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error. This can be exploited to execute arbitrary code. Secunia rates this vulnerability extremely critical (their highest classification).

The vulnerability has been reported in Microsoft Word 2002 and Microsoft Word 2003. This vulnerability is being actively exploited and currently there is no Microsoft patch or workaround available. There's also a big chance that your AV software isn't up to date yet. And you know users will open that word document.

The only sure thing you can do is to block of quarantine .doc files at your NEP (network entry point). Good luck! Read the advisory here.

Related Items:

0-Day Microsoft Word 2000 Unspecified Code Execution Vulnerability (5 September 2006)
Warning: 0-Day Microsoft XMLHTTP ActiveX Control Code Execution Vulnerability (6 November 2006)
0-Day Microsoft Excel Unspecified Code Execution Vulnerability (19 June 2006)
Citrix Presentation Server Client Unspecified Code Execution (2 March 2007)
VMware ESX Server Management Interface Unspecified Vulnerability (30 December 2005)
Warning: Microsoft Windows WMF Handling Arbitrary Code Execution - Exploit In the Wild (29 December 2005)
Microsoft Windows "itss.dll" Heap Corruption Unpatched Vulnerability (10 May 2006)
Wyse Winterm 1125SE IP Option Length Denial of Service (12 August 2005)
Citrix Metaframe XP Unspecified Buffer Overflow Vulnerability (23 December 2004)
Internet Explorer "object" Tag Memory Corruption Code Execution (26 April 2006)
Comments (0)add feed
Show/Hide comment formtoggle
password
 

busy