Palo Alto Networks Discovers Critical Vulnerability in Microsoft Word

Palo Alto Networks of Sunnyvale, California, has announced that its Threat Research Team discovered one of the six critical vulnerabilities communicated in Microsoft’s Patch Tuesday security bulletin this week. The exploited vulnerability could allow a hacker full system access and control.

Prompting the highest vulnerability rating, Microsoft credited Palo Alto Networks exclusively with the discovery of Word Memory Corruption Vulnerability (CVE-2008-4026). The vulnerability exists in the way that Microsoft Word handles certain Word files.

An attacker could deliver a seemingly innocent document to a user via email, IM or as a download from a Website. If opened, the execution would enable an attacker to take complete control of an affected system, allowing them to then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability exists in both the Microsoft Office 2003 and 2007 versions.

For full details of this press release click on Palo Alto Networks Discovers Critical Vulnerability in Microsoft Word
For more details from Microsoft click on MS08-072