Last Updated: 2006-12-10 22:03:23 UTC
by Patrick Nolan (Version: 1)
Other vendors are expected to follow suit
McAfee "Microsoft Word 0-Day Vulnerability II"
"Vendor Status - Unacknowledged
Vulnerable systems - Windows XP SP0 - SP2, Windows 2003 SP0 - SP1, Microsoft Word XP, Microsoft Word 2003"
McAfee has identified PWS-Agent.g as "a password stealing trojan that was most recently installed by Exploit MSWord.b via a 0-day Microsoft Word vulnerability."
Thanks for the heads up!
eEye Research has a site that's quite useful for tracking 0-days: the Zero-Day Tracker.
There's a report over at the Microsoft Security Response Center Blog!, see the New Report of A Word Zero Day.
According to the post, "the vulnerability is being exploited on a very, very limited and targeted basis". That description adds further granularity to MS's explanation of "What “very limited, targeted attacks” Means". And as long as there's no patch forthcoming for this vuln (or the December 5th one), it's starting to sound like using the exploit is going to be "Rewarding, very, very, very rewarding" (see the Citi commercials/video).