Exploit code for a third, unpatched vulnerability in Microsoft Word has been posted on the Internet, adding to the software maker's struggles to keep up with gaping holes in its popular word processing program. The attack code, available at Milw0rm.com, contains sample Word documents that have been rigged to launch code execution exploits when the file is opened.
Microsoft has not yet publicly acknowledged the vulnerability, but the United States Computer Emergency Readiness Team issued an alert to warn that Word documents can be manipulated to trigger code execution or denial-of-service attacks. "Data used by Microsoft Word to construct a destination address for a memory copy routine is embedded within a Word document itself. If an attacker constructs a Word document with a specially crafted value used to build this destination address, then that attacker may be able to overwrite arbitrary memory," the US-CERT warned.
An attacker could trigger the vulnerability by convincing a user to open a rigged Word document. Because exploit code is publicly available, the risk of a widespread attack is heightened.