We have been seeing several vulnerabilities of non executable file formats used in the wild recently. For example, we can mention the Trojan.Mdropper.AA family that exploits a bug in a Microsoft Excel file format, or the case of the MSJET vulnerability (still unpatched) that affects MS Access files. The hunt for new vulnerabilities in popular file formats is still a good research area in the security world, especially when we talk about malicious code writers.
A proof of concept of a new bug that affects Windows Explorer has been reported in the wild on the milw0rm Web site. The bug affects the code that parses Word documents in order to extract and display summary information (for example,...
