Several new security bugs in the desktop productivity suite have been found and released to the public, including proof-of-concept Word 2007 .docs that could potentially cause code-execution attacks.
The sample .docs have been posted to several known exploit sites, including Milw0rm.com and SecurityVulns.com.
Details on the actual vulnerabilities are scarce. Most appear to be simple denial-of-service issues that cause Word 2007 to crash when the file is opened.
A third bug points to an overflow in wwlib.dll (a core Office library) that could theoretically lead to arbitrary code execution.
The fourth bug released is a heap overflow in the Microsoft Help subsystem. Again, code execution may be possible.
Microsoft is expected to ship five security bulletins later today to cover a range of Windows flaws, but several known Office vulnerabilities will remain unfixed.
[UPDATE: April 10, 2007 at 3:36 PM] Microsoft says it is investigating these flaw reports. A statement from Redmond:
Microsoft is investigating new public reports of possible vulnerabilities in Microsoft Office. Microsoft is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time. Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary.
Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include issuing a security advisory or providing a security update through our monthly release process, depending on customer needs.