December 2006
Microsoft Security Advisory: Vulnerability in Microsoft Word Could Allow Remote Code Execution (929433)
ID: 00849
Ref: 805/2006
Date: 06 December 2006:14:05:31
Version: 1
Title: Microsoft Security Advisory: Vulnerability in Microsoft Word Could Allow Remote Code Execution (929433)
Abstract: Vulnerability in Microsoft Word Could Allow Remote Code Execution Published: December 5, 2006
Vendors affected: Microsoft
Operating systems affected: Microsoft
Applications affected: Microsoft
Title
=====
Microsoft Security Advisory: Vulnerability in Microsoft Word Could Allow Remote Code Execution (929433)
Detail
======
Vulnerability in Microsoft Word Could Allow Remote Code Execution
Published: December 5, 2006
Microsoft is investigating a new report of limited #zero-day# attacks using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word
2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.
In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker.
As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources.
Full advisory:
http://www.microsoft.com/technet/security/advisory/929433.mspx