Re: Microsoft Word 0-day Vulnerability (September) FAQ document available

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: Microsoft Word 0-day Vulnerability (September) FAQ document available
From: Juha-Matti Laurio <juha-matti.laurio@xxxxxxxx>
Date: Wed, 6 Sep 2006 04:16:58 +0300 (EEST)
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

New information about the Microsoft Word zero-day vulnerability is available and FAQ document athttp://blogs.securiteam.com/?p=586

has been updated.

This issue has been assigned to CVE-2006-4534, URL
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4534
will work in the near future.

There is information about file sizes of clipbook.exe and clipbook.dll droppedby the malicious Word document.


Word 2000 and Office 2000 are confirmed as affected.

There is information about the length of malicious file as well, it is three 
pages.

Several AV vendors have added detection.

All details are included to FAQ document and its Revision History.


- Juha-Matti

Prev by Date: php download local file include
Next by Date: [OpenPKG-SA-2006.018] OpenPKG Security Advisory (openssl)
Previous by thread: Microsoft Word 0-day Vulnerability (September) FAQ document available
Next by thread: [USN-339-1] OpenSSL vulnerability
Index(es):
- Date
- Thread