A new critical vulnerability in Microsoft Word has been disclosed.
This is a serious vulnerability that could allow program code execution on a user's computer.

The type of vulnerability is a buffer overflow, which - when exploited, could execute program code on the victim's computer with the priveleges of the logged-in user.

Microsoft has published an advisory for this in its Security Center Response Blog: http://blogs.technet.com/msrc/archive/2006/05/20/429612.aspx (opens in a separate browser window).

As of this writing no patch for the vulnerability is available.

Norman recommends that users are careful when opening Word documents that you did not expect to receive.

More information is also available from (links open in separate browser windows):

• UC-CERT's Technical Cyber Security Alert TA06-139A
• SANS

This advisory will be updated when more information is available.

Update 25 May 2006:

Microsoft has published a Security Advisory regarding the vulnerability (link opens in a separate browser window).

Update 14 June 2006:

Microsoft has released a patch for the vulnerability. More information in Microsoft's Security Bulletin MS06-027 ((link opens in a separate browser window).