We received notification from an ISC participant that McAfee has released a dat today for protection against a buffer overflow attack in MS Word. The announcement says "Note: This vulnerability was first found through one of the samples that McAfee analyzed, and this vulnerability differs from the "Microsoft Word 0-Day Vulnerability I" that was published on December 5, 2006.".
Other vendors are expected to follow suit
McAfee "Microsoft Word 0-Day Vulnerability II "
"Vendor Status - Unacknowledged
Vulnerable systems - Windows XP SP0 - SP2, Windows 2003 SP0 - SP1, Microsoft Word XP, Microsoft Word 2003"
McAfee has identified PWS-Agent.g as "a password stealing trojan that was most recently installed by Exploit MSWord.b via a 0-day Microsoft Word vulnerability.".
Thanks for the heads up!
eEye Research has a site that's quite useful for tracking 0-days, Zero-Day Tracker
There's a report over at the Microsoft Security Response Center Blog!, see the New Report of A Word Zero Day.
According to the post, "the vulnerability is being exploited on a very, very limited and targeted basis". That is a description that adds further granulization to MS's explanation of "What ?very limited, targeted attacks? Means"". And as long as there's no patch forthcoming for this vuln (or the December 5th one), it's starting to sound like using the exploit is going to be "Rewarding, very, very, very rewarding" (see the Citi commercials/video).
Dec 10th 2006
|Thread locked Subscribe||
Dec 10th 2006
1 decade ago