[room] Fwd: [SA20153] Microsoft Word Unspecified Code Execution Vulnerability

Michael Shigorin =?iso-8859-1?q?mike_=CE=C1_osdn=2Eorg=2Eua?=
Сб Май 20 11:45:07 MSD 2006


вот так...

----- Forwarded message from Secunia Security Advisories -----


TITLE:
Microsoft Word Unspecified Code Execution Vulnerability

SECUNIA ADVISORY ID:
SA20153

VERIFY ADVISORY:
http://secunia.com/advisories/20153/

CRITICAL:
Extremely critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
Microsoft Office 2003 Professional Edition
http://secunia.com/product/2276/
Microsoft Office 2003 Small Business Edition
http://secunia.com/product/2277/
Microsoft Office 2003 Standard Edition
http://secunia.com/product/2275/
Microsoft Office 2003 Student and Teacher Edition
http://secunia.com/product/2278/
Microsoft Office XP
http://secunia.com/product/23/
Microsoft Word 2002
http://secunia.com/product/2150/
Microsoft Word 2003
http://secunia.com/product/4908/

DESCRIPTION:
A vulnerability has been reported in Microsoft Word, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error. This can be
exploited to execute arbitrary code.

NOTE: This vulnerability is being actively exploited.

The vulnerability has been reported in Microsoft Word 2002 and
Microsoft Word 2003.

SOLUTION:
Do not open untrusted Office documents.

PROVIDED AND/OR DISCOVERED BY:
This vulnerability has been discovered in the wild as a "Zero-day"
while investigating a system compromise.

OTHER REFERENCES:
SANS:
http://isc.sans.org/diary.php?storyid=1345

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

----- End forwarded message -----

-- 
 ---- WBR, Michael Shigorin <mike на altlinux.ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/



Подробная информация о списке рассылки smoke-room