Network Security: Detailed info on [Full-disclosure] Word flaw CVE-2007-0870 confirmed as code execution ty

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security FullDisclosure

[Top] [All Lists]

[Full-disclosure] Word flaw CVE-2007-0870 confirmed as code execution ty

from [Juha-Matti Laurio] Network Security

[Permanent Link]

Subject:	[Full-disclosure] Word flaw CVE-2007-0870 confirmed as code execution type issue
Date:	Thu, 15 Feb 2007 23:59:33 +0200 (EET)

Microsoft Word 0-day vulnerability affecting versions XP (aka 2002) and 2000 
has been confirmed as code execution type vulnerability.
This vulnerability was reported as DoS type issue some days ago. Security 
vendors and Microsoft have confirmed the code execution with detailed research.

An official Microsoft Security Advisory #933052 has been released at
http://www.microsoft.com/technet/security/advisory/933052.mspx
on Wednesday.
The related CVE name is
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0870

This vulnerability was used in typical targeted attacks.

- Juha-Matti

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Full-disclosure] Word flaw CVE-2007-0870 confirmed as code execution type issue, Juha-Matti Laurio <=

Previous by Date:	Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?, Joe Beasley
Next by Date:	Re: [Full-disclosure] Torpark breaks with DEP enabled, and how to break it further so that it works, KJKHyperion
Previous by Thread:	[USN-422-1] ImageMagick vulnerabilities, Kees Cook
Next by Thread:	[Full-disclosure] [ GLSA 200702-05 ] Fail2ban: Denial of Service, Raphael Marichez
Indexes:	[Date] [Thread] [Top] [All Lists]