Friday, 9 February 2007

Word Unspecified Exploit [4]

Vendor:: Microsoft
Application:: Word XP
Word 2000
Disclosed:: 09-02-07
This is reported by McAfee as a different vulnerability than all previous Word zero-day vulnerabilities. Microsoft has acknowledged that this vulnerability does cause a denial of service for Word, and claims that exploitability is not possible. However, without any technical details released, exploitability should not be 100% ruled out.

UPDATE (2/14/2007):
The referenced vendor advisory (933052) alludes that this vulnerability affects Word 2000 as well as XP. Also, the vulnerability is not limited to a denial of service, but may also allow for code execution.
Exploit:: Currently searching for public exploit.
McAfee Blog Post - Exploit Targeting Unpatched Word Vulnerability Spotted
Microsoft Security Advisory (933052)