06/12/2006

Word Zero-Day, So Sayeth Microsoft (NEW)

Word Zero-Day, So Sayeth Microsoft (NEW)

Published: 2006-12-05,
Last Updated: 2006-12-05 23:05:27 UTC by Ed Skoudis (Version: 1)

Microsoft released an announcement of a zero-day vulnerability in Microsoft Word. Read about it here.

Of particular interest, they say:

"Microsoft is investigating new public reports of limited 'zero-day' attacks using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006. In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker."

Microsoft's advice? They say, "Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file."

Ok... sure. Thanks.

--Ed Skoudis
Intelguardians.