 |
| |
Security - Microsoft Word Unspecified Code Execution Vulnerability |
|
| |
Home |
|
| |
Critical: Extremely critical
Impact: System access
Where: From remote
Status: Unpatched
Affected Products:
- Microsoft Office 2003 Professional Edition
- Microsoft Office 2003 Small Business Edition
- Microsoft Office 2003 Standard Edition
- Microsoft Office 2003 Student and Teacher Edition
- Microsoft Office XP
- Microsoft Word 2002
- Microsoft Word 2003
Description:
A vulnerability has been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error. This can be exploited to execute arbitrary code. This vulnerability has been discovered in the wild as a "Zero-day" vulnerability while investigating a system compromise.
NOTE: This vulnerability is being actively exploited.
The vulnerability has been reported in Microsoft Word 2002 and Microsoft Word 2003.
Recommended Solutions:
- Do not open untrusted Office documents.
- Implement Content Security at the network perimeter to quarantine Office documents from untrusted senders.
- Implement client-side whitelist security measures such as SecureWave, since normal anti-virus security solutions won't be effective in mitigating this exposure.
Please feel to contact BrightPlanIT at (716) 886-1245 or click here to email us.
|
|
 |