Daily cyber threats and internet security news: network security, online safety and latest security alerts
July 9th, 2008

Microsoft Word Unspecified Remote Code Execution Vulnerability

Microsoft warns that an unpatched Word vulnerability has become the subject of targeted attacks. Successful attacks may allow arbitrary malicious code to run in the context of the user running the application. Failed attack attempts may result in a crash.

The flaw creates a mechanism for hackers to inject hostile code onto vulnerable systems. Redmond has published workarounds as a stop-gap measure while its researchers investigate the flaw in greater depth.

According to Microsoft, there are limited, targeted attacks attempting to use the reported vulnerability. The vulnerability has appeared in a number of samples on malware. A widening number of anti-virus firms have issued signature updates to defend against the threat. Symantec, acting on samples sent to it by handlers at the Institute’s Internet Storm Centre (SANS), was the first to publish an advisory. It is detected as Trojan.Mdropper by Symantec.

The timing of the arrival of the exploit means Microsoft had insufficient time to respond before its regular Patch Tuesday update, a factor that’s unlikely to be a coincidence. The flaw is still under investigation and will probably be withheld until a fix is unavailable. At this point it is unclear who the attack is targeting, though it is safe to assume the vulnerability will be eventually exploited by Chinese hackers.


Microsoft Word 2003 and Microsoft Office 2003 SP1 (leads to a crash)
Microsoft Word 2002 SP3
Microsoft Word 2000 (leads to a crash)
Microsoft Office XP

More information can be found in Microsoft Security Advisory 953635.

No further details can be provided at this time. In-the-wild samples of code exploiting this issue were already supplied to Symantec by SANS.

Share this item with others:

More on CyberInsecure:
  • Word Vulnerability In Microsoft Jet Database
  • Zero-day Microsoft Windows NSlookup.exe Vulnerability Exploited In The Wild
  • Microsoft Patches Windows Worm And Drive-by Download Vulnerabilities
  • Microsoft Excel 0-day Code Execution Vulnerability Exploited In The Wild
  • Microsoft’s Patch Fix Critical Vulnerabilities In IE And Office

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Microsoft Word Unspecified Remote Code Execution Vulnerability

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.