Word for Mac Exploit Released

Yet again, an exploit has been released into the wild within days of Microsoft announcing the vulnerability.

An exploit has been found in the wild for a Word vulnerability Microsoft patched on Oct. 9.

Symantec said in a posting on Oct. 10 that it had gotten its hands on a Word for Mac document that contains shell code and three pieces of malware.

The file kept crashing Symantecs Word programs—with the exception of Office 2007—until the security company determined that it had been created using Word for Macintosh.

The document was, in fact, rigged to exploit a flaw that Microsoft has already seen in the wild and which the company patched earlier in the week.

The fast turnaround from Patch Tuesday to an exploit being released into the wild is a trend that shows no signs of slowing down, Symantecs Orla Cox noted in the posting. But the good news with this one, Cox said, is that at least default configurations in Office 2007 and Office 2003 Service Pack 3 offer protection to Windows users, by preventing users from opening certain Office file formats, including Office for Macintosh documents. Microsoft describes this protective behavior in this support document.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.