Description: A vulnerability has been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an unspecified error when parsing malformed functions. This can be exploited to corrupt memory via a specially crafted function in a Word document.
Successful exploitation allows execution of arbitrary code.
NOTE: The vulnerability is currently being actively exploited.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Provided and/or discovered by: Discovered as a 0-day.
Changelog: 2007-01-27: Added information from Microsoft.
2007-01-30: Added link to US-CERT.
2007-02-13: Added additional information from Microsoft. Updated "Solution" section.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
