Document Actions
Another flaw in MS Word found
Microsoft has released another security advisory for Microsoft Word. Microsoft is investigating new public reports of very limited, targeted attacks against Microsoft Word “zero-day” using a vulnerability in Microsoft Office 2000 and Microsoft Office XP. This vulnerability emanates from an unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.
It was previous thought that this vulnerability is limited to Denial of Service and remote code execution was not possible. However, further analysis has shown that it is not limited to Denial of Service but a possibility of remote code execution exists. Microsoft has also acknowledged that the vulnerability may not be limited to denial of service. Word 2000 and Word XP are believed to be vulnerable, though exploiting this flaw is non-trivial.
References:
- Category(s)
- Windows
- Information Security
- The URL to Trackback this entry is:
- http://www.dharwadkar.com/weblog/ms_secu_adv_03/tbping
