Microsoft confirms Word attack

By | December 12, 2006

Microsoft has confirmed a report of a new, un-patched memory corruption error in Word. The bug can be exploited by creating a specially crafted Word document and allow the attacker to execute unauthorized code on the system.

In order for this attack to be carried out, a user must open the malicious Word document attached to an email. In a web-based attack scenario, an attacker would have to host a web site that contains a Word file that is used to attempt to exploit this vulnerability.

When a user opens a specially crafted Word file using a malformed string, it may corrupt system memory in such a way that an attacker could execute arbitrary code.

In the past year, hackers have increasingly research Microsoft Office products, which some security researchers consider to be a better source for bugs that the core operating system.

The vulnerability affects Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003 and Microsoft Word for Mac OS X. The problem is not expected to be fixed in today’s software patches.

Leave a Reply