Exploit Targeting Unpatched Word Vulnerability Spotted (Follow-up)
Wednesday February 14, 2007 at 4:29 pm CST
Posted by Craig Schmugar
This is an update to the update on CVE-2007-0870.
A few days ago I blogged about a new Word vulnerability that was used in a targeted attack (I know, it’s hard to keep these straight). Later that day Microsoft stated that the vulnerability was limited to denial of service, rather than remote code execution, and the blog was updated accordingly.
Well, since then our researchers continued to look at the issue, as did Microsoft’s. Today, McAfee Avert Labs’ analysis shows that this vulnerability is likely not limited to denial of service and that remote code execution may in fact be possible. Microsoft has also acknowledged that the vulnerability may not be limited to denial of service. Word 2000 and Word XP are believed to be vulnerable, though exploiting this flaw is non-trivial.
I suspect that a Microsoft Security Advisory for this issue will be released soon.
In related news, the team is currently analyzing proof-of-concept Excel files that were posted publicly today as “Microsoft Office Excel 2003 XLS File Denial Of Service”.
Update Feb 14, 6:15pm
A short while ago Microsoft did indeed release Microsoft Security Advisory (933052).
February 14th, 2007 at 4:40 pm
[…] Further analysis shows this is likely not limited to denial of service. See Exploit Targeting Unpatched Word Vulnerability Spotted (Follow-up) […]
February 17th, 2007 at 7:58 am
[…] This week, Microsoft patched eight issues with Word or other Microsoft Office components, as described in MS07-014 and MS07-015. Since spring 2006, Microsoft’s Office components have been increasingly exploited by attackers targeting specific companies or organizations, and reports of new zero-day attacks are becoming more frequent. Despite this week’s set of Microsoft security fixes, several issues remain unpatched. SANS has a chart summarizing “the missing Microsoft patches” and McAfee has a blog entry about the newest Word threat. […]
March 18th, 2007 at 7:17 pm
Further analysis shows this is likely not limited to denial of service.� See Exploit Targeting Unpatched Word Vulnerability Spotted (Follow-up)