| Check Point Reference: |
CPAi-2006-051 |
| Date Published: |
24 May 2006 |
| Severity: |
High
|
| Last Updated: |
Monday 07 May, 2007 |
| Source: |
Microsoft Security Advisory (919637) |
| Industry Reference: | CVE-2006-2492 |
| Protection Provided by: |
|
| Who is Vulnerable? | Windows 2000
Windows 95
Windows 98
Windows Me
Windows NT
Windows Server 2003
Windows XP
Microsoft Word |
| Vulnerability Description |
A zero-day attack has been reported using a code execution vulnerability in Microsoft Word. In order for this attack to be triggered, a user must open a malicious Word document attached to an e-mail or otherwise provided to them by an attacker. Opening the Word file causes the system to be exploited. |
| Update/Patch Avaliable | Microsoft is scheduled to release a patch as part of the June security updates on June 13, 2006, or sooner. |
| Vulnerability Details | The flaw exists in a malformed pointer.When a user opens a specially crafted Word file using a malformed object pointer, it may corrupt system memory in such a way that an attacker could execute arbitrary code. |
Feedback