|
Microsoft Word 2000 Unknown Code Execution |
|
|
|
|
Thursday, 07 September 2006 |
DescriptionMicrosoft Word is an industry standard word processing application. An unknown code execution vulnerability is present in Microsoft Word 2000. An attacker could exploit this vulnerability to execute arbitrary code via a memory corruption error on affected systems. Exploitation requires a user to download and open a malicious document in Microsoft Word 2000.
9/6/2006 Vendor has provided information on the vulnerability. 9/5/2006 Vulnerability information has been publicly disclosed. 9/4/2006 Vulnerability information has been publicly disclosed. 9/1/2006 Discovery of malware in the wild using this exploit Recommendations McAfee Avert Labs is not aware of a vendor supplied patch/update at this time. McAfee Product Mitigation McAfee Foundstone - Signature:
- Microsoft Word 2000 Unknown Code Execution
- Signature identifier:
- 4576
- Release date:
- 9/6/2006
McAfee Foundstone - Signature:
- W32.femot/MoFei worm Detected
- Signature identifier:
- 2004
- Release date:
- 9/6/2006
McAfee Host IPS The HOST IPS signature protection below is found to block the known malware - Signature:
- MS Word Malformed Object Pointer Vulnerability
- Signature identifier:
- 3754
- Release date:
- 6/13/2006
- First released in:
- security content update 468
McAfee Anti-Virus protection McAfee Anti-Virus protection below is found to block the known malware - Signature:
- W32/MoFei.worm.dr
- Release date:
- 9/4/2006
- First released in:
- DAT 4844
-
Microsoft Word 2000 Document Handling Client-Side Command Execution Vulnerability http://www.frsirt.com/english/advisories/2006/3448 W32/MoFei.worm.dr http://vil.mcafeesecurity.com/vil/content/v_119055.htm Microsoft Security Advisory: Vulnerability in Word Could Allow Remote Code Execution (925059) http://www.microsoft.com/technet/security/advisory/925059.mspx
|