Original URL: http://www.theregister.co.uk/2006/12/15/word_flaw_three/
Third unpatched vuln menaces Word
No end to the madness in sight
Hackers have released an exploit targeting a third unpatched vulnerability in Microsoft Word. The flaw is different from the two previous Word vulnerabilities reported earlier this month, US CERT helpfully explains.
This time around we're dealing with a memory corruption flaw that might be exploited providing users are tricked into opening a malformed Word document to either crash - or load malware onto - vulnerable PCs running Word. Attack code was available at Milw0rm.com, so the potential for mischief is high.
Pending a patch for Microsoft against the trio of unpatched bugs currently at large, US-CERT recommends users to avoid untrusted Word documents or attachments from unsolicited email messages and to use updated anti-virus packages as a way of mitigating the risk of attack. In an echo of Microsoft's advice when the first of these security bugs came out little over a week ago (on December 6) the security clearing house further advises punters not to open unfamiliar or unexpected email attachments, even if sent by a trusted source. ®