Although Microsoft recently released Office 2016, legacy versions of the popular productivity suite are still common in both business and home settings. Extended support for Office 2007, for example, does not end for almost two more years. FortiGuard Labs recently disclosed a “use-after-free” vulnerability in Microsoft Word 2007. Other versions may be affected, but researchers completed a proof of concept demonstrating the vulnerability in Word 2007 SP3 that may allow remote code execution.
Use-after-free vulnerabilities have gained attention in recent years largely due to several flaws in the Internet Explorer web browser. This type of vulnerability allows attackers to use previously freed memory to corrupt data or execute arbitrary code. Microsoft initially patched this particular vulnerability earlier this year, but the patch was incomplete, so the company reissued a patch on October 13 that fully addressed the issue.
FortiGuard Labs Discovers Use-After-Free Vulnerability In Microsoft Word 2007 | Fortinet Blog
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.