
SANS ISC: Update on Word 0-Day Issue SANS ISC InfoSec Forums

Update on Word 0-Day Issue
Microsoft and eEye have each released advisories related to the issue this evening.

Microsoft's security advisory can be found here.

eEye's advisory can be found here.

The information about which Word versions are vulnerable differs a little between the two advisories.

Microsoft says the vulnerability only affects Word 2002/XP and Word 2003, and that Word 2000 is not vulnerable. The Microsoft advisory describes workarounds, including not using Word as the default mail editor in Outlook and running Word in 'Safe Mode', which disables the functionality affected by the vulnerability and exploit.

eEye says that the vulnerability affects Word 2000 as well. The eEye advisory mentions that they believe there are two variants of this exploit. Thus, it may be that the first variant only affects Word 2002/XP and 2003 and the second variant affects all three versions.

Update 25-May-2006: eEye has removed Word 2000 from their list of vulnerable products.


May 23rd 2006
