NOW READ THIS
("Security Advisory")

Go Back

---

Submitted by: Bill Hickey
NCVA List Master

NRT-0044 Microsoft Warns of Targeted Attacks Using Office Flaw:

On 14FEB, Microsoft warned its customers of a newly-discovered vulnerability in Microsoft Office that is being used in "very limited, targeted attacks," according to a security advisory on Microsoft's Web site. The known attacks involve the use of a specially-crafted Microsoft WORD document that exploits the previously unknown Office vulnerability using a malformed string that corrupts system memory and allows for arbitrary code execution. The vulnerability is known to affect Microsoft Office 2000 and Office XP. Microsoft's warning came just one day after the company had issued 12 patches that fixed 20 other vulnerabilities in its products, including six for Microsoft WORD. The Chief Technical Officer at security firm Secunia noted that the emergence of another security vulnerability so soon after Microsoft's schedule patch release date follows a similar pattern observed by hackers, who aim to maximize the amount of time they have to take advantage of the flaw.

(http://pcadvisor.co.uk 15FEB07; http://www.microsoft.com 14FEB07)

Last Modified: Saturday, 17-Feb-2007 08:29:04 EST