December 14, 2006 11:50 AM PST

Attack code published for third Word flaw

A third security flaw in Microsoft Word has emerged, according to some security companies, and a researcher has published code for it that could be used to launch an attack.

Secunia and McAfee said Thursday that a buffer-overflow flaw in the word-processing application could crash a computer and ultimately let an outsider run code on a vulnerable PC.

But Microsoft said it could not confirm the existence of the vulnerability on Thursday, noting that it was still investigating the issue.

The problem is the third to arise in Word in less than two weeks. The other two zero-day vulnerabilities also involve memory corruption issues, according to a security advisory from Secunia. So far, these unpatched flaws have been used only for limited and targeted attacks, Microsoft has said.

"Up until now, it was only the victims of the attack, the attacker and Microsoft who knew how these flaws were exploited," said Thomas Kristensen, Secunia's chief technology officer.

With the third possible vulnerability, the situation could be more serious. A software analyst who calls himself "Disco Jonny" has published proof-of-concept code that appears to use the security hole.

"The impact of the file I released would be a crash in Microsoft Word. This file could be taken and turned into a functioning exploit by a person skilled enough," Disco Jonny said in an e-mail interview. "This could then lead to code, controlled by the person who sent or created the file, being run on the victim's machine in the context of the current user that is logged in."

As such, the proof-of-concept code could serve as a template for hackers to create a functioning malicious attack. It exploits a third flaw, but exactly how the code works is not clear, said Dave Marcus, security research and communications manager at McAfee.

Disco Jonny said that part of his problem in trying to be more specific about the source of the code is that he does not have access to information about the characteristics of the first two Word vulnerabilities. Microsoft has released a security advisory on one of those flaws, and a blog posting on the other, but these do not include much detail.

"From conversations with others, I am pretty sure that this bug is not related to the two current Word issues," Disco Jonny said. "This is a third, as yet unknown vulnerability in Microsoft Word. Without having the other two word issues to look at, I cannot state 100 percent either way."

See more CNET content tagged:
vulnerability, flaw, Microsoft Word, security company, code

19 comments

Join the conversation!
Add your comment
MS Office IS a virus.
MS Office. An easy to eradicate virus using Add/Remove Programs.
Posted by Microsoft_Facts (109 comments )
Reply Link Flag
MS OFFICE REMOVAL
Add/Remove Programs doesn't entirely get rid of MS Office...besides, MS Office is just an extension of MS Internet Explorer's framework...
Posted by justwally (32 comments )
Link Flag
You ARE ignorant.
Incredible how many people like this virus: more than 75% of the market does. It's a shame you can't just remove your ignorance and bias with Add/Remove Programs. Oh well, at least we can always have a laugh. :)
Posted by Ryo Hazuki (378 comments )
Link Flag
You ARE ignorant.
Incredible how many people like this virus: more than 75% of the market does. It's a shame you can't just remove your ignorance and bias with Add/Remove Programs. Oh well, at least we can always have a laugh. :)
Posted by Ryo Hazuki (378 comments )
Link Flag
This is part of Microsoft's migration to Office 2007 Plan
Or you could install OpenOffice. Best installed in Linux but a Windows version is available too.
Posted by slim-1 (229 comments )
Reply Link Flag
open office doesnt have bugs?
disco jonnys file will also crash open office (latest version for windows & linux)

Quiet a few word doc readers throw a fit on that file.

<yawn>

back in your box fanboy.
Posted by ghooti (2 comments )
Link Flag
No, it's part of Microsoft's world domination Master Plan
Or you could install MS Office 2007 (which is not affected by any of these bugs). Works in PC and Mac, just not in Linux, but who uses Linux anyway, lol? (less than 1% of the market)
Posted by Ryo Hazuki (378 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.