New Word vulnerability if exploited could allow full system access and control

Palo Alto Networks announced that its Threat Research Team discovered one of the six critical vulnerabilities communicated in Microsoft’s Patch Tuesday security bulletin this week.

Prompting the highest vulnerability rating, Microsoft credited Palo Alto Networks exclusively with the discovery of Word Memory Corruption Vulnerability (CVE-2008-4026). The vulnerability exists in the way that Microsoft Word handles certain Word files.

An attacker could deliver a seemingly innocent document to a user via email, IM or as a download from a Website. If opened, the execution would enable an attacker to take complete control of an affected system, allowing them to then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability exists in both the Microsoft Office 2003 and 2007 versions.