Monday, February 12, 2007 8:17 AM
cmosby
McAfee Avert Labs Blog - Exploit Targeting Unpatched Word Vulnerability Spotted
Friday February 9, 2007 at 12:28 pm CST
Posted by Craig Schmugar
On the heels of my Zero-Day Excels Over Word blog, McAfee Avert Labs is currently investigating a new Word exploit. Preliminary analysis shows that this is a different issue than those referenced in my last blog:
CVE-2006-5994
CVE-2006-6456
CVE-2006-6561
CVE-2007-0515
CVE-2007-0621 (Microsoft states this is a duplicate of CVE-2006-6456)
CVE-2007-0671 (Office zero-day uncovered by McAfee Avert Labs)

This new exploit may be somehow related to MS06-027, and the DAT files have proactively detected this new threat as a variant of Exploit-MS06-027 since June 2006. This threat appears to exploit Word 2000. Again, this is preliminary analysis. We are working with Microsoft to confirm the history of this vulnerability and will update the blog when we have more information.
Like many of the recent Word exploits, this appears to have been used in a very limited and targeted attack.
Update Feb 9, 1:30pm
Microsoft has acknowledged this issue. They state that it is limited to a Denial of Service attack on Word 2000 and that code execution is not possible.
Denial of Service is clearly not as critical as other recent issues. Looks like this targeted attack was flawed.