Microsoft warns of attacks using vulnerability.
Microsoft
has issued a security bulletin warning of a serious vulnerability discovered in several versions of
Microsoft Word
and related products, including
Mac
editions and the
Word 2003 Viewer
. The vulnerability is believed to be in use by at least one exploit in the wild.
Further details of the nature of the vulnerability are not yet available, except that it can be used to cause memory corruption and arbitrary code execution, potentially allowing remote system access. Users are advised to exercise caution and avoid opening unexpected
Word
documents.
The alert is issued just a week before the monthly
Patch Tuesday
round of
Microsoft
updates; however, as the
CVE
entry for the vulnerability (
here
) is marked as having been ‘assigned’ over two weeks ago,
Microsoft
appears to have been aware of the issue for adequate time to devise a patch in time for this month’s release.
The
Microsoft
bulletin is
here
. A
Secunia
alert, labelled ‘extremely critical’, is
here
.
Posted on 06 December 2006 by
Virus Bulletin
Leave a Reply