Someone targeting Microsoft...Now there's a first!
...Microsoft's security response center has confirmed that a second zero-day vulnerability in its Word software program is being targeted by unknown attackers.
The latest flaw comes just days after the software maker issued a security advisory to warn customers against opening Word documents from untrusted sources. The two vulnerabilities are entirely unrelated.
The flaws were discovered during actual code execution attacks against select targets and highlight the Redmond, Wash., vendor's struggle to cope with gaping holes in one of its most widely used products.
According to a US-CERT advisory, the latest bug is a memory corruption issue that occurs when a Word file is rigged with malformed data structures. No other details were made available.
Microsoft has not yet issued a formal prepatch advisory but, in a blog entry, Security Program Manager Scott Deacon listed affected software versions as Word 2000, Word 2002, Word 2003 and the Word Viewer 2003.
He said Microsoft Word 2007 is not affected by the second vulnerability...
Kenneth P. Reeder, Ph.D.
Jacksonville, North Carolina 28546