Status Tracking Note TRVU#167928

Microsoft Word malformed string vulnerability

Overview

A vulnerability in Microsoft Word could allow an attacker to execute arbitrary code on a vulnerable system.

Event Information

Date (UTC)    Description
2006-12-11 16:35 Internet Security Systems
AlertCon (2) => (1)
2006-12-08 02:39 F-Secure: News from the Lab
Word hole will remain open
Looks like we'll have to not open or save Word files from untrusted sources, or unexpectedly received from trusted sources, for another month. No one sends DOC files in e-mails anyway, right? The dropped files we have seen used together with the Word vulnerability are detected as Trojan-Downloader.Win32.Cryptic.ec, Trojan-Downloader.Win32.Cryptic.f and Trojan-Downloader.Win32.Tiny.y.
2006-12-06 23:40 Internet Security Systems
AlertCon (1) => (2)
2006-12-06 14:19 F-Secure: News from the Lab
Hole in Word
Microsoft has just released a security advisory about a new zero-day vulnerability found in a bunch of versions of Word and Works:
2006-12-06 09:04 US-CERT
VU#167928: Microsoft Word malformed string vulnerability
A vulnerability in Microsoft Word could allow an attacker to execute arbitrary code on a vulnerable system.
2006-12-06 01:28 Microsoft Security Response Center Blog
Microsoft Security Advisory (929433) Posted
We are currently investigating a report of a proof of concept which may allow an attacker to execute code on a user's machine by convincing them to open a specially-crafted Word document. We are aware of limited attacks attempting to use the vulnerability reported.
2006-12-06 US-CERT
Active Exploitation of a Vulnerability in Microsoft Word
US-CERT is aware of reports of active exploitation of a new vulnerability in Microsoft Word. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the user running Word.
2006-12-05 23:05 SANS Internet Storm Center
Word Zero-Day, So Sayeth Microsoft
Microsoft released an announcement of a zero-day vulnerability in Microsoft Word.
2006-12-05 eEye Digital Security
EEYEZD-20061205: Word Unspecified Exploit
A remote code execution vulnerability exists within Microsoft Word which may allow for a remote attacker to execute arbitrary code under the context of the logged in user.
2006-12-05 Microsoft
Microsoft Security Advisory (929433): Vulnerability in Microsoft Word Could Allow Remote Code Execution
Microsoft is investigating a new report of limited "zero-day" attacks using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.


Date first published (UTC): 2006-12-07T20:08+00:00
Date last updated (UTC): 2006-12-14T07:42+00:00