A vulnerability in the way Microsoft Word handles malformed Word Document streams could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Microsoft Word contains a memory corruption vulnerability that could be triggered when Word opens a document containing a malformed Word Document stream. Although this vulnerability was initially reported to only cause a denial-of-service, it is now believed that it can be used to execute arbitrary code.
Note that this vulnerability is actively being exploited.
By convincing a user to open a specially crafted Word document, a remote, unauthenticated attacker could execute arbitrary code with the privileges of the user running Word. If the user is logged in with administrative privileges, the attacker could take complete control of a vulnerable system.
Apply an update
This vulnerability was reported by McAfee Avert Labs.
This document was written by Jeff Gennari.
|Date First Published:||2007-02-15|
|Date Last Updated:||2007-06-15 21:54 UTC|