BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Microsoft Word XP/2002 SP3 Exploit

Disclosed July 8, 2008    No Patch Available

Vulnerability Description:

An unspecified vulnerability exists within Microsoft Word XP / 2002 which may possibly allow for a remote attacker to execute arbitrary code under the context of the logged in user. This vulnerability requires user interaction. In a web-based scenario (e-mail, Web site), a user would still have to open a file manually, as it would not be auto-opened.

NOTE: This information is gathered from the references below. eEye Research is currently researching the cause of the vulnerability and will update this ZDT entry as more information becomes available.

Vendors:

Microsoft

Vulnerable Software/Devices:

Microsoft Word XP/2002 SP3

Vulnerability Severity:

High

Exploit Availability:

N/A

BeyondTrust Prevention and Detection:

Mitigation:

Users are urged to only open known-sender Word documents, and should utilize a host-based IPS to protect from such an attack.

Links:

CVE(s):

None

Leave a Reply