December 14, 2006 11:50 AM PST
Attack code published for third Word flaw
Secunia and McAfee said Thursday that a buffer-overflow flaw in the word-processing application could crash a computer and ultimately let an outsider run code on a vulnerable PC.
But Microsoft said it could not confirm the existence of the vulnerability on Thursday, noting that it was still investigating the issue.
The problem is the third to arise in Word in less than two weeks. The other two zero-day vulnerabilities also involve memory corruption issues, according to a security advisory from Secunia. So far, these unpatched flaws have been used only for limited and targeted attacks, Microsoft has said.
"Up until now, it was only the victims of the attack, the attacker and Microsoft who knew how these flaws were exploited," said Thomas Kristensen, Secunia's chief technology officer.
With the third possible vulnerability, the situation could be more serious. A software analyst who calls himself "Disco Jonny" has published proof-of-concept code that appears to use the security hole.
"The impact of the file I released would be a crash in Microsoft Word. This file could be taken and turned into a functioning exploit by a person skilled enough," Disco Jonny said in an e-mail interview. "This could then lead to code, controlled by the person who sent or created the file, being run on the victim's machine in the context of the current user that is logged in."
As such, the proof-of-concept code could serve as a template for hackers to create a functioning malicious attack. It exploits a third flaw, but exactly how the code works is not clear, said Dave Marcus, security research and communications manager at McAfee.
Disco Jonny said that part of his problem in trying to be more specific about the source of the code is that he does not have access to information about the characteristics of the first two Word vulnerabilities. Microsoft has released a security advisory on one of those flaws, and a blog posting on the other, but these do not include much detail.
"From conversations with others, I am pretty sure that this bug is not related to the two current Word issues," Disco Jonny said. "This is a third, as yet unknown vulnerability in Microsoft Word. Without having the other two word issues to look at, I cannot state 100 percent either way."
19 commentsJoin the conversation! Add your comment