Via social engineering

Dec 6, 2006 09:43 GMT  ·  By

Microsoft has issued a Security Advisory warning of zero-day exploits targeting a Word vulnerability. According to the Redmond Company, a whole range of Word applications are vulnerable and could allow for remote code execution in the eventuality of a successful exploit. Users of Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006 have already been targeted by attacks looking to take advantage of the exploit.

"We are currently investigating a report of a proof of concept which may allow an attacker to execute code on a user's machine by convincing them to open a specially-crafted Word document. We are aware of limited attacks attempting to use the vulnerability reported," revealed the Microsoft Security Response Center Team.

Microsoft revealed that the vulnerability cannot be exploited in the absence of user intervention. In this context, the attack will take the form of a social engineering scheme designed to convince the victim to execute a malicious Word file.

"As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs," informed Microsoft.