Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Another new Word 0-day, information & dat released by McAfee

Published: 2006-12-10
Last Updated: 2006-12-10 22:03:23 UTC
by Patrick Nolan (Version: 1)
0 comment(s)
We received notification from an ISC participant that McAfee has released a dat today for protection against a buffer overflow attack in MS Word. The announcement says "Note: This vulnerability was first found through one of the samples that McAfee analyzed, and this vulnerability differs from the "Microsoft Word 0-Day Vulnerability I" that was published on December 5, 2006.".

Other vendors are expected to follow suit

Exploit-MSWord.b
McAfee "Microsoft Word 0-Day Vulnerability II "

"Vendor Status - Unacknowledged
Vulnerable systems - Windows XP  SP0 - SP2, Windows 2003  SP0 - SP1, Microsoft Word  XP, Microsoft Word  2003"

McAfee has identified PWS-Agent.g as "a password stealing trojan that was most recently installed by Exploit MSWord.b via a 0-day Microsoft Word vulnerability.".

Thanks for the heads up!

eEye Research has a site that's quite useful for tracking 0-days, Zero-Day Tracker

There's a report over at the Microsoft Security Response Center Blog!, see the New Report of A Word Zero Day.
According to the post, "the vulnerability is being exploited on a very, very limited and targeted basis". That is a description that adds further granulization to MS's explanation of "What “very limited, targeted attacks” Means"". And as long as there's no patch forthcoming for this vuln (or the December 5th one), it's starting to sound like using the exploit is going to be "Rewarding, very, very, very rewarding" (see the Citi commercials/video).
Keywords:
0 comment(s)
Diary Archives