A trio of what appear to be new, yet-to-be-patched flaws in Microsoft Office has surfaced, according to security researchers at McAfee. The vulnerabilities were reported in online security forums on Monday, according to a posting on the McAfee Avert Labs blog on Tuesday. All but one of the flaws results in denial of service, meaning the application would crash, according to the blog post.
“There is one heap-overflow flaw that might be exploited for code execution,” Karthik Raman, a McAfee researcher wrote on the blog on Tuesday. Typically such flaws are exploited by tricking a targeted victim into opening a rigged Office document.
Microsoft is investigating the bug reports as well, a company representative said in an e-mailed statement. Microsoft is not aware of any attacks that exploit any of the issues at this time, the representative said.
View: Full post
Microsoft, Microsoft Office, Zero-day, Bug, Bugs, Security, Patch