The new vulnerability "resides in the way Microsoft Word handles data describing the text formatting in a document," such as the font type, according to Symantec.
"By modifying certain properties within the data structure used to contain this information, an attacker can cause code to execute within the Microsoft Word process," Amado Hidalgo said Thursday on the Symantec Security Response Weblog. "This could allow it to drop malicious code onto the targeted system, or install a back door."
Two other vulnerabilities in the way Word handles documents, whose details have not been disclosed and which were reported earlier this month, remain unpatched. Some security experts predict Microsoft will release an out-of-cycle fix for the bugs instead of waiting until the next Patch Tuesday, scheduled for Jan. 9.
Microsoft is investigating reports of the third Word exploit, but so far has not released an official statement.
"Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary," a company spokesman told SCMagazine.com. "Upon completion of this investigation, Microsoft will take appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs."
The three Word flaws reflect a growing trend among attackers to target client-side applications through malicious document files. Researchers have also noted the timing of the bugs' disclosure, right before Patch Tuesday or soon after it, which maximizes the window of exposure while Microsoft hustles to push out a fix.
Symantec spots third exploit for Microsoft Word flaw
By Dan Kaplan on Dec 18, 2006 8:49AM