Security

MS Word 0-day: Round 3

Yesterday eWeek reported another 0-day exploit for Microsoft Word. While Microsoft has not publicly acknowledged the threat, has issued a bulletin warning of it and a has been released publicly.

From the CERT bulletin:

Data used by Microsoft Word to construct a destination address for a memory copy routine is embedded within a Word document itself. If an attacker constructs a Word document with a specially crafted value used to build this destination address, then that attacker may be able to overwrite arbitrary memory.

According to the eWeek article, currently only BitDefender recognizes the threat. Testing on a fully patched and up-to-date WinXP SP2 I can at least vouch that AVG doesn’t recognize it as a threat yet. Opening the POC in Microsoft Word results in successful execution of the exploit (which in the POC merely crashes Word.) Attempting to open the POC in OpenOffice results in OO reporting an error.

My recommendation: use .