topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 6:20 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Microsoft Confirms Another Word Zero-Day Flaw  (Read 4065 times)

KenR

  • Super
  • Blogger
  • Joined in 2006
  • ***
  • Posts: 826
    • View Profile
    • Donate to Member
Microsoft Confirms Another Word Zero-Day Flaw
« on: December 13, 2006, 02:28 PM »
Someone targeting Microsoft...Now there's a first!

...Microsoft's security response center has confirmed that a second zero-day vulnerability in its Word software program is being targeted by unknown attackers.

The latest flaw comes just days after the software maker issued a security advisory to warn customers against opening Word documents from untrusted sources. The two vulnerabilities are entirely unrelated.

The flaws were discovered during actual code execution attacks against select targets and highlight the Redmond, Wash., vendor's struggle to cope with gaping holes in one of its most widely used products.

According to a US-CERT advisory, the latest bug is a memory corruption issue that occurs when a Word file is rigged with malformed data structures. No other details were made available.

Microsoft has not yet issued a formal prepatch advisory but, in a blog entry, Security Program Manager Scott Deacon listed affected software versions as Word 2000, Word 2002, Word 2003 and the Word Viewer 2003.

He said Microsoft Word 2007 is not affected by the second vulnerability...

Kenneth P. Reeder, Ph.D.
Clinical Psychologist
Jacksonville, North Carolina  28546