EXPLOIT CODE for a third, unpatched vulnerability in Microsoft Word has been posted at Milw0rm.com.
The site shows a sample Word document which have been booby trapped to launch code execution exploits when the file is opened.
According to EWeek, Vole has not admitted that the vulnerability exists, but a warning has been posted by the United States Computer Emergency Readiness Team.
US-CERT said that the data used by Microsoft Word to construct a destination address for a memory copy routine is embedded within a document.
It is a doodle for an attacker to construct a Word document with a specially crafted value used to build this destination address, then that attacker may be able to overwrite arbitrary memory.
This is the third code-execution flaw found in Word in the last two weeks, it must have something to do with the weather.
News source: THEINQUIRER
