Some vulnerabilities have been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system.

1) An unspecified error in the handling of certain strings in Word documents can be exploited to cause a memory corruption via a specially crafted string.

NOTE: According to Microsoft, this vulnerability is already being actively exploited on a limited scale.

2) An error within the processing of counts in Word documents can be exploited to somewhat control the destination address of a memmove() call by manipulating a certain DWORD in the document used for calculating the destination address.

3) An error within the handling of macros in Word documents can be exploited to automatically execute a macro by manipulating certain properties in a Word document.

4) An error within the processing of drawing objects can be exploited to cause a memory corruption via a Word document containing a specially crafted drawing object.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

Solution
Apply patches.
Further details available in Customer Area

Provided and/or discovered by
1) Discovered as a 0-day.
2) disco
3) The vendor credits USAA.
4) Reported by the vendor.

Changelog
Further details available in Customer Area

Original Advisory
MS07-014 (KB929434):
http://www.microsoft.com/technet/security/Bulletin/MS07-014.mspx

Microsoft:
http://www.microsoft.com/technet/security/advisory/929433.mspx
http://blogs.technet.com/msrc/archive/2006/12/06/microsoft-security-advisory-929433-posted.aspx
http://blogs.technet.com/msrc/archive/2006/12/15/update-on-current-word-vulnerability-reports.aspx

milw0rm:
http://milw0rm.com/exploits/2922

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area