Just a day after
patching a variety of flaws in Word,
Microsoft found itself dealing with yet another zero-day flaw in
the application.
The software giant said in an
advisory that it's investigating new reports
of "very limited, targeted attacks" against a zero-day flaw in
versions of Word included in Microsoft Office 2000 and Microsoft
Office XP. In order for an exploit to be successful, Microsoft
noted that a user must first open a malicious Office file
provided by an attacker, likely via email.
"Upon completion of this investigation, Microsoft will take the
appropriate action to help protect our customers," the company said
in its advisory. "This may include providing a security update
through our monthly release process or providing an out-of-cycle
security update, depending on customer needs."
The French Security Incident Response Team (FrSIRT) said in an
advisory that the critical problem is a memory
corruption error in how malformed documents are handled. Attackers
could exploit this, FrSIRT said, to "execute arbitrary commands by
tricking a user into opening a specially crafted Word
document."
Microsoft said users should practice "extreme caution" when
opening unsolicited attachments from both known and unknown
sources. The company has also updated its Windows Live OneCare
scanner to catch malware attempting to exploit the flaw.
Cisco fixes firewall flaws
Cisco Systems Inc. has patched a number of flaws in its Firewall
Services Module (FWSM), PIX 500 Series Security Appliances and 5500
Series Adaptive Security Appliances.
The networking giant said in an
advisory that the FWSM vulnerabilities are
rooted in how the program processes certain forms of HTTP,
HTTPS, SIP and SNMP traffic.
"If verbose logging is enabled for debugging purposes, a
vulnerability exists when the FWSM processes packets destined to
itself," Cisco said. "All of these vulnerabilities may result in a
reload of the device."
Similar vulnerabilities affect the PIX 500
Series Security Appliances and ASA 5500 Series Adaptive Security
Appliances, Cisco said.
Danish vulnerability clearinghouse Secunia said in an
advisory that attackers could also exploit the
moderately critical flaws to bypass certain security
restrictions.