
Microsoft Word - Second New Vulnerability And Exploit



#1 harrywaldron


Posted 11 December 2006 - 07:30 AM

This new threat is not circulating extensively yet and updating to the latest levels of AV (plus always being careful with suspicious attachments) will help mitigate this new exposure.

Microsoft Word - Second new vulnerability and exploit
http://www.incidents.org/diary.php?storyid=1925

We received notification from an ISC participant that McAfee has released a dat today for protection against a buffer overflow attack in MS Word. The announcement says "Note: This vulnerability was first found through one of the samples that McAfee analyzed, and this vulnerability differs from the "Microsoft Word 0-Day Vulnerability I" that was published on December 5, 2006.".


McAfee information on Word Exploit II
http://vil.nai.com/vil/content/v_vul27249.htm

A vulnerability exists in Microsoft Word that could allow for arbitrary code execution. This could be exploited successfully if a victim were to open a specially crafted Word document obtained via an email attachment or downloaded from a malicious website.


New Word Exploit II Protection - DAT 4915
http://vil.nai.com/vil/content/v_141056.htm

MSRC Commentary on New Word Exploit
http://blogs.technet.com/msrc/archive/2006...d-zero-day.aspx

We are investigating reports of another new vulnerability in Microsoft Word; initial investigation has shown that this is a different issue to that reported in Microsoft Security Advisory 929433. Our initial investigation has discovered that Word 2000, Word 2002, Word 2003 and the Word Viewer 2003 are affected, but Word 2007 is NOT affected by the vulnerability.


Secunia
http://secunia.com/advisories/23205/

FRSirt
http://www.frsirt.com/english/advisories/2006/4920



#2 jgweed


Posted 15 December 2006 - 10:34 AM

Cnet reports the possibility of a THIRD Microsoft Office flaw (Word), for which code has been published:

"Secunia and McAfee said Thursday that a buffer-overflow flaw in the word-processing application could crash a computer and ultimately let an outsider run code on a vulnerable PC."

See the article by Dawn Kawamoto:

http://news.com.com/Attack+code+published+...html?tag=cd.top

Regards,
John
Whereof one cannot speak, thereof one should be silent.



