McAfee's Avert Labs reports there are three exploits. Two cause a denial-of-service within the infected computer, throttling the CPU to 100 percent and slowing it way down. The third is reported to be a buffer overflow that allows for remote code execution, but Microsoft (Quote) is denying that.
David Marcus, security research and communications manager for Avert, told internetnews.com that the vulnerabilities don't affect Office 2007, which Microsoft has confirmed. Two of the exploits affect Word and the third affects the HLP files in Office's help system.
Marcus said that the code Avert obtained was proof of concept and not really capable of doing anything. But proof-of-concept malware (define) inevitably means the bad stuff is on its way.
Marcus felt it was odd that sample code got out so soon, since it's in an inert stage. The code was posted to a secret forum for combating viruses by a source Marcus would not identify.
"If I could put my guessing hat on, probably a good-guy security researcher came across these proof of concept codes and decided to share them with the security community. What happened is the rest of the security community got a look at these before it got fleshed out," he said.
Microsoft has yet to say anything on its Security Response Center blog, where it usually announces such findings. The company, along with McAfee (Quote) and other antivirus vendors, are still doing their source code forensics.
In a statement, Microsoft said it is investigating "new public reports of possible vulnerabilities in Microsoft Office. Microsoft is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time. Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary."