Security researchers are reporting a newly discovered vulnerability in Microsoft Word that could potentially allow remote code execution by hackers or malware.
Detailed in a security report distributed by security training organization The SANS Institute and tagged with a “critical” rating in the published summary, the list-handling memory corruption flaw in Word specifically affects users of Microsoft Office 2000 and Office 2003. It is related to the function in those programs through which Word documents can be opened upon receipt without the user first being prompted.
Microsoft has not yet confirmed the issue and no known updates have been made available to fix the problem.
SANS reported that the memory corruption vulnerability is linked to Word’s handling of unordered or bulleted lists and said an attack utilizing a specially crafted Word document containing such a list could be used to trigger the issue.
“Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the current user,” SANS reported.
More recent versions of Word do not contain the same document-launching function that would allow for such an attack to be carried out without user interaction, although SANS said it remains unclear whether additional versions of Word are affected by the issue.
The security training organization also reported that several proofs of concept have already been made publicly available for the Word flaw and that several videos demonstrating the attack technique are being circulated, although user interaction was required to exploit the problem in those clips, SANS said.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.