Connections +

Palo Alto Networks discovers critical vulnerability in Microsoft Word

December 10, 2008  

Print this page

Palo Alto Networks today announced that its Threat Research Team discovered one of the six critical vulnerabilities communicated in Microsoft’s Patch Tuesday security bulletin this week.

Prompting the highest vulnerability rating, Microsoft credited Palo Alto Networks with the discovery of Word Memory Corruption Vulnerability (CVE-2008-4026). The vulnerability exists in the way that Microsoft Word handles certain Word files.

An attacker could deliver a seemingly innocent document to a user via e-mail, IM or as a download from a Web site.

If opened, the execution would enable an attacker to take complete control of an affected system, allowing them to then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability exists in both the Microsoft Office 2003 and 2007 versions.