Palo Alto Networks Discovers Critical Vulnerability In Microsoft Word

Exploited vulnerability could allow full system access and control

December 11, 2008

2 Min Read


SUNNYVALE, Calif.--(BUSINESS WIRE)--Palo Alto Networks today announced that its Threat Research Team discovered one of the six critical vulnerabilities communicated in Microsoft's Patch Tuesday security bulletin this week.

Prompting the highest vulnerability rating, Microsoft credited Palo Alto Networks exclusively with the discovery of Word Memory Corruption Vulnerability (CVE-2008-4026). The vulnerability exists in the way that Microsoft Word handles certain Word files.

An attacker could deliver a seemingly innocent document to a user via email, IM or as a download from a Website. If opened, the execution would enable an attacker to take complete control of an affected system, allowing them to then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability exists in both the Microsoft Office 2003 and 2007 versions.

This vulnerability continues a string of discoveries - five of which have been rated critical - that Palo Alto has discovered and worked with Microsoft to ensure users are protected.

Palo Alto Networks' family of next-generation firewalls protects enterprises from any exploits that take advantage of these vulnerabilities, as well as a broad range of other threats. The Palo Alto Networks Threat Research Team is active in the research community, aggressively pursuing both new vulnerability research and mitigation of all types of threats.

About Palo Alto Networks

Palo Alto Networks(tm) is the leader in next-generation firewalls, enabling unprecedented visibility and granular policy control of applications and content - by user, not just IP address - at up to 10Gbps with no performance degradation. Based on patent-pending App-ID(tm) technology, Palo Alto Networks firewalls accurately identify and control applications - regardless of port, protocol, evasive tactic or SSL encryption - and scan content to stop threats and prevent data leakage. Enterprises can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation. For more information, please visit Palo Alto Networks, the Palo Alto Networks Logo, App-ID and PAN-OS are trademarks of Palo Alto Networks, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights