|
MS06-027 - KB 919637
Vulnerable: Word 2000 (including Word Viewer 2003) and better and Works 2000 and better Not Vulnerable: Word for Mac This is a remote code execution vulnerability that uses a malformed object pointer to corrupt system memory and can be used to execute arbitrary code. If the user logged in has administrative privileges, the exploit will run with those same privileges and could take complete system control. In order to successfully exploit this vulnerability, an attacker would have to persuade a user to open a malicious Word document, either through e-mail or a web page. This vulnerability is marked critical and Microsoft Office users should apply the patch immediately. It is possible to not log in with an administrator-level account, but that would not prevent "spyware" classes of attacks. -- John Bambenek -- University of Illinois |
John 255 Posts ISC Handler |
| Subscribe |
Jun 13th 2006 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!
