A "moderately critical" vulnerability in Microsoft Word and Outlook could allow an attacker to remotely access computer systems, Coppenhagen, Denmark-based IT security firm Secunia said.
The advisory said the problem arises when Word is used to edit mail in Outlook. This could be exploited to execute arbitrary code on a user's system if the user is tricked into forwarding a malicious e-mail with an unclosed "OBJECT" tag. The flaw could also be exploited through malicious HTML documents if edited in Word.
Reportedly, the advisory said, the vulnerability can only be exploited when mails are forwarded.
Secunia advises people not to use Word as the default mail editor.
James C. Slora Jr., assistant director of information technology for Chantilly, Va.-based engineering and land development firm Patton Harris Rust & Associates, reported the problem to Microsoft. "Word appears not to be subjected to Security Zone restrictions. Instead, individual and very specific commands and handlers appear to get blocked during HTML parsing," Slora said in an e-mail. "This apparent approach to Word security may mean that whole families of vulnerabilities that have been blocked in Outlook and Internet Explorer are probably still exploitable in Word."
He added, "I expect Microsoft to eventually issue a patch against the specific scenario I disclosed if they get enough heat about it, but there are probably a lot more exploit possibilities in Word."
Microsoft could not immediately be reached for comment.
Affected products are:
- Microsoft Office 2000
- Microsoft Office 2003 Professional Edition
- Microsoft Office 2003 Small Business Edition
- Microsoft Office 2003 Standard Edition
- Microsoft Office 2003 Student and Teacher Edition
- Microsoft Outlook 2000
- Microsoft Outlook 2003
- Microsoft Word 2000
- Microsoft Works Suite 2003