We have all heard about the recent Word flaw that has been exploited in targeted attacks (if you are not familiar with those, read  and ). If you have an account on OpenRCE (free), you can also read Kostya's blog post on the topic.
However, reading Technet Flash Volume 8/Issue 11 from Microsoft (currently available here, or later in the archives), I was intrigued by the following lines:

"Microsoft Security Advisory (919637): Vulnerability in Word Could Allow Remote Code Execution
Microsoft has released an advisory on a zero-day exploit that could affect users of Word Smart Tags."

So the flaw would lie in the "Smart Tags" feature of Word. This feature is in charge of converting "1. L" to "1 liter", and was not present in Office 2000, which is unaffected by the flaw.
I could not help thinking about the following post, which I had discarded a few weeks ago:
Possible Overflow in MS Word 2003

I've found a bug in Word 2003 that could possibly lead to a buffer overflow.

To reproduce the bug, you simply have to create a document with a word of 32 or 33 characters (letters or numbers), followed by "." and some other character. Ex.:

01234567890123456789012345678901. Test

The text above should crash MS Word 2003 with a "Buffer Overrun" error.

PS. To be safe from this flaw, just use "winword.exe /safe". This is not a joke.

Strange coincidence, isn't it?
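The discarded post gives a single hand-made trigger string. As an added example (my own script, not part of the original post and not a Microsoft tool), the generator below writes a small set of test documents around the reported 32/33-character boundary, with shorter and longer words as controls, so the report can be checked file by file rather than by retyping strings. The minimal RTF wrapper, the 28..36 length range, the two alphabets and the file names are assumptions of this example; the 32-character digit case it produces is exactly the string quoted above.

```python
import os
import string

# Minimal RTF wrapper. RTF is plain text, so a Word-openable test document
# can be built without Word itself. This header is an assumption of the
# example, not something the original post used.
RTF_HEADER = r"{\rtf1\ansi\deff0{\fonttbl{\f0 Arial;}}\f0\fs24 "
RTF_FOOTER = "}"

# Word lengths the post reports as crashing Word 2003.
REPORTED_LENGTHS = (32, 33)


def build_trigger(length, alphabet=string.digits, trailer=". Test"):
    """Return a 'word' of `length` characters drawn cyclically from `alphabet`,
    followed by the trailer: a period, a space and another word, as in the post."""
    if length <= 0:
        raise ValueError("length must be positive")
    word = "".join(alphabet[i % len(alphabet)] for i in range(length))
    return word + trailer


def rtf_escape(text):
    """Escape the three characters that are special in RTF body text.
    Backslash goes first so the escapes added for braces are not doubled."""
    return text.replace("\\", "\\\\").replace("{", "\\{").replace("}", "\\}")


def to_rtf(text):
    """Wrap plain text in the minimal RTF document above."""
    return RTF_HEADER + rtf_escape(text) + RTF_FOOTER


def write_cases(out_dir, lengths=range(28, 37), alphabets=None):
    """Write one .rtf per (alphabet, length) into out_dir and return the paths.
    Lengths bracket the reported 32/33 so the neighbours act as controls;
    file names mark which ones correspond to the reported trigger lengths."""
    if alphabets is None:
        alphabets = {"digits": string.digits, "letters": string.ascii_lowercase}
    os.makedirs(out_dir, exist_ok=True)
    paths = []
    for name, alphabet in alphabets.items():
        for length in lengths:
            tag = "trigger" if length in REPORTED_LENGTHS else "control"
            path = os.path.join(out_dir, f"{name}_{length:02d}_{tag}.rtf")
            with open(path, "w", encoding="ascii") as fh:
                fh.write(to_rtf(build_trigger(length, alphabet)))
            paths.append(path)
    return paths


if __name__ == "__main__":
    for p in write_cases("word_smarttag_cases"):
        print(p)
```

Each generated file is opened in Word 2003 once normally and once with the "winword.exe /safe" switch mentioned in the post; if only the 32- and 33-character files fail, and only without the switch, the observation matches the report. The files contain nothing beyond the text shown, so this reproduces the reported crash and nothing more.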