Researchers at email and data security company
Mimecast have uncovered a bug in Microsoft Word that can be used to bypass security systems.
The bug incorrectly handles integer overflows and can be used to circumvent security systems and fool parsers to deliver remote code that can take complete control over a compromised machine.
The problem has been reported to Microsoft which has acknowledged that it is unintended behavior. It has declined to release a security patch at this time though, as the issue on its own does not result in memory corruption or code execution. The problem may be fixed at a later date.
More information on the issue can be found on the
Mimecast blog.
