Tuesday, December 12, 2006

Yet another vulnerability in Word.

Within five days of a Microsoft Word Unspecified Memory Corruption Vulnerability appearing on the horizon another Word vulnerability has followed suit. This time it is the Microsoft Word Unspecified Code Execution Vulnerability.

Both of these vulnerabilities are extremely critical. It seems it is time to stay away from opening Word documents or excercise extreme caution.

No patches have been released so far for either of the vulnerabilities.

Both of these vulnerabilties allows the attacker to take control of the infected machine.

The vulnerabilties are already being actively exploited. So be careful with those Word documents arriving from untrusted sources or unexpected Word documents from trusted sources.

See the Secunia report here on the latest Word vulnerability.

Also check out the Eeye Zero day vulnerability tracker.

Related Reading:- Word unspecified memory corruption vulnerability.