Critical MS Word Vulnerability Surfaces

December 7th, 2006: Microsoft has sent out warnings this week regarding a new flaw that has emerged in its word processing software that potentially enables cyber criminals to run unauthorised software.

Labelled “extremely critical” by security experts Secunia, the problem has surfaced in a memory corruption error, and could allow a malicious person to run software on the compromised system.

According to Secunia, the flaw is present in Microsoft Office 2000 and 2003, Office 2004 for Mac, Office X for Mac, Office XP, Word 2000 – 2003, and Works Suite 2004, 2005 and 2006. The company says it centres on a vulnerability caused due to an unspecified error in the handling of Word documents which can be exploited to cause a memory corruption.

Microsoft says it is currently working on a patch and expects this to be available on its next scheduled patch day, December 12. By way of a workaround until then, Microsoft has advised users not to accept or save documents from untrustworthy sources or documents “that you receive unexpectedly from trusted sources."

As Windows XP has become bolstered with regular patches, criminals are increasingly turning to Microsoft’s other core products, such as Office, to dig up exploits.

Comment on this story