Thursday, December 14, 2006 8:52 AM cmosby

Microsoft Word's third strike this week.

Looks like there are reports out there of yet another Word vulnerability had its Proof of Concept (POC) code released last night. 

From what I have read, this does require user interaction to exploit and will run under the rights of the user.

Looks like Santa skipped one of my presents, a stress free Christmas..

Here are some links to information that I have been able to gather so far:

FrSIRT
http://www.frsirt.com/english/advisories/2006/4997

SecurityFocus:
http://www.securityfocus.com/bid/21589/info

Symantec (Bloodhound Detection)
http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-121412-1329-99

Insecure.org
http://seclists.org/isn/2006/Dec/0052.html

Infoworld
http://www.infoworld.com/article/06/12/13/HNthirdword_1.html

Techworld
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=7577

Filed under: , , ,

Comments

No Comments