Wednesday, April 11, 2007 10:02 AM
cmosby
McAfee Avert Labs Blog - New MS Office Zero-Days
New MS Office Zero-Days
Tuesday April 10, 2007 at 11:26 am CST
Posted by Karthik Raman
Trackback
Last week was spent combating a slew of exploits for the vulnerabilities patched by Microsoft on April 3.
Yesterday saw the release of several Microsoft Office zero-day exploits in security forums. Some of these flaws may allow for remote code execution. McAfee Avert Labs is investigating all these zero-days. Today is Patch Tuesday for April. So, yes: this is yet another time that zero-day flaws have been published around a Patch Tuesday, possibly to maximize the public’s exposure to these flaws until the next month’s Patch Tuesday.
Update, 2pm PST
Further research by Avert Labs indicates that all but one of the Office zero-days reported yesterday result in denial of service. There is one heap-overflow flaw that might be exploited for code execution. We’ll keep you updated.
Update, 5pm PST
Avert Labs has been analyzing proof-of-concept code for a zero-day vulnerability in Microsoft Windows’s handling of HLP files. This is another heap-overflow flaw that might be exploited for code execution. Stay tuned.
Source: Computer Security Research - McAfee Avert Labs Blog
Filed under: SMS, Security and Anti-Virus, Patch Management, Microsoft Windows, Microsoft Office