Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Another new Word 0-day, information & dat released by McAfee SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Another new Word 0-day, information & dat released by McAfee
We received notification from an ISC participant that McAfee has released a dat today for protection against a buffer overflow attack in MS Word. The announcement says "Note: This vulnerability was first found through one of the samples that McAfee analyzed, and this vulnerability differs from the "Microsoft Word 0-Day Vulnerability I" that was published on December 5, 2006.".

Other vendors are expected to follow suit

McAfee "Microsoft Word 0-Day Vulnerability II "

"Vendor Status - Unacknowledged
Vulnerable systems - Windows XP  SP0 - SP2, Windows 2003  SP0 - SP1, Microsoft Word  XP, Microsoft Word  2003"

McAfee has identified PWS-Agent.g as "a password stealing trojan that was most recently installed by Exploit MSWord.b via a 0-day Microsoft Word vulnerability.".

Thanks for the heads up!

eEye Research has a site that's quite useful for tracking 0-days, Zero-Day Tracker

There's a report over at the Microsoft Security Response Center Blog!, see the New Report of A Word Zero Day.
According to the post, "the vulnerability is being exploited on a very, very limited and targeted basis". That is a description that adds further granulization to MS's explanation of "What ?very limited, targeted attacks? Means"". And as long as there's no patch forthcoming for this vuln (or the December 5th one), it's starting to sound like using the exploit is going to be "Rewarding, very, very, very rewarding" (see the Citi commercials/video).

193 Posts
Dec 10th 2006

Sign Up for Free or Log In to start participating in the conversation!