Monday, May 22, 2006

Serious Microsoft WORD Vulnerability

A buffer overflow vulnerability has been reported in Microsoft Word that could allow an attacker to run code on affected systems.

This is a serious problem, rapidly reported by the CERT, (http://www.us-cert.gov/cas/techalerts/TA06-139A.html) as opening a specially-crafted Word document could lead to exploitation of the flaw.

This includes documents hosted on websites or email attachments. Office documents can contain embedded objects.

For example, a Word document could be embedded in an Excel or PowerPoint document. As a result, any Office document could be used to launch an attack.

This vulnerability has been confirmed in Microsoft Word 2003 and Microsoft Word XP (2002), on totally updated systems. Until the necessary update has been published, we recommend that you not open Office documents coming from unfamiliar sources, as well as keeping your antivirus completely updated.

Links to this post:

Create a Link

<< Home