Information about claims about unchecked boundary condition vulnerability in Word

Hello, this is Mike Reavey.

I wanted to take a moment and pass on some information about a claim that was posted late Friday about a possible unchecked boundary condition vulnerability in Microsoft Word. The claim was that this could enable an attacker to execute malicous code by convincing a user to open a malformed Word document.

As soon as we saw the claim, we initiated our Security Incident Response Process to investigate.  Our teams have worked on this investigation over the weekend and we’ve been able to determine that the claim is not accurate:  while the Word application will exit unexpectedly, this is not a remotely exploitable vulnerability in Microsoft Word.

As always, we encourage anyone who thinks they’ve found a vulnerability in a Microsoft product to contact us directly in the MSRC at so that we can work with you to investigate what you’ve found and take steps to help protect customers.



*This posting is provided “AS IS” with no warranties, and confers no rights.*