Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Immunity: Word 0-day issue is problem in Smart Tags

From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Tue, 13 Jun 2006 18:27:42 +0300 (EEST)
Microsoft will release a fix to code execution vulnerability in MS Word today
( http://www.microsoft.com/technet/security/advisory/919637.mspx CVE-2006-2492 etc.) 

Major sources say this vulnerability affecting Word 2003 and Word 2002 is problem in object handling.
But it appears that one vendor (Immunity Inc.) had their non-public PoC in late May, already.

After some hours we know more details about the vulnerability.
Especially I'm interested what was the reason to recommend using Office Viewers as a workaround. Maybe these viewers 
don't support Smart Tags.
MS has instruction to switch this feature off as well:
http://office.microsoft.com/en-gb/assistance/HP030832781033.aspx

I have written a detailed story to
http://blogs.securiteam.com/index.php/archives/436

- Juha-Matti

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: