Microsoft Word Unspecified Remote Code Execution Vulnerability
Microsoft warns that an unpatched Word vulnerability has become the subject of targeted attacks. Successful attacks may allow arbitrary malicious code to run in the context of the user running the application. Failed attack attempts may result in a crash.
The flaw creates a mechanism for hackers to inject hostile code onto vulnerable systems. Redmond has published workarounds as a stop-gap measure while its researchers investigate the flaw in greater depth.
According to Microsoft, there are limited, targeted attacks attempting to use the reported vulnerability. The vulnerability has appeared in a number of malware samples. A widening number of anti-virus firms have issued signature updates to defend against the threat. Symantec, acting on samples sent to it by handlers at the SANS Institute’s Internet Storm Centre, was the first to publish an advisory. It is detected as Trojan.Mdropper by Symantec.
The timing of the exploit’s arrival means Microsoft had insufficient time to respond before its regular Patch Tuesday update, a factor that’s unlikely to be a coincidence. The flaw is still under investigation, and details will probably be withheld until a fix is available. At this point it is unclear who the attack is targeting, though it is safe to assume the vulnerability will eventually be exploited by Chinese hackers.
Vulnerable:
Microsoft Word 2003 and Microsoft Office 2003 SP1 (leads to a crash)
Microsoft Word 2002 SP3
Microsoft Word 2000 (leads to a crash)
Microsoft Office XP
More information can be found in Microsoft Security Advisory 953635.
No further details can be provided at this time. In-the-wild samples of code exploiting this issue were already supplied to Symantec by SANS.