Wednesday, July 12, 2006

Microsoft Office Vulnerability

A vulnerability has been reported in Microsoft
Office, which could allow a remote attacker to run arbitrary code on the
target system.

According to and, a remote
user could create a specially crafted Word file which, when loaded by
the target user, could cause a memory access error in the LsCreateLine()
function in the mso.dll file, and allow arbitrary code to be run.

This could result in a denial of service situation, however, if the
attack is successfully carried out, the code will be run with the
privileges of the target user. Also, proof-of-concept code has been
published. Oxygen3 advises users to treat with caution possible
malicious files that could try to reproduce this attack, and not to open
Office files received from unreliable sources.