Full Disclosure mailing list archives
Immunity: Word 0-day issue is problem in Smart Tags
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Tue, 13 Jun 2006 18:27:42 +0300 (EEST)
Microsoft will release a fix to code execution vulnerability in MS Word today( http://www.microsoft.com/technet/security/advisory/919637.mspx CVE-2006-2492 etc.)
Major sources say this vulnerability affecting Word 2003 and Word 2002 is problem in object handling. But it appears that one vendor (Immunity Inc.) had their non-public PoC in late May, already. After some hours we know more details about the vulnerability. Especially I'm interested what was the reason to recommend using Office Viewers as a workaround. Maybe these viewers don't support Smart Tags. MS has instruction to switch this feature off as well: http://office.microsoft.com/en-gb/assistance/HP030832781033.aspx I have written a detailed story to http://blogs.securiteam.com/index.php/archives/436 - Juha-Matti _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Immunity: Word 0-day issue is problem in Smart Tags Juha-Matti Laurio (Jun 13)