Has Microsoft Fixed This yet??

Discussion in 'Computer Support' started by Au79, Jan 19, 2007.

  1. Au79

    Au79 Guest

    It's been over a month now....

    Third attack hits Microsoft Word

    Three's company for text editor flaws

    Shaun Nichols in California, vnunet.com 15 Dec 2006

    Attackers have started exploiting a new vulnerability in Microsoft Word,
    security vendor eEye disclosed on its Zero-day Tracker website. The
    vulnerability is the third active Word exploit to surface in two weeks.

    Microsoft has not confirmed the vulnerability, but a spokesman told
    vnunet.com that the company is investigating the reports.

    The vulnerability could allow for remote code execution, allowing an
    attacker to take control of a vulnerable system and steal information or
    install malware.

    The flaw affects Word 2000, Word XP, Word 2003 and Word Viewer 2003.
    Microsoft also said that it has received reports of Word v.X for Mac being
    vulnerable to the exploit, but could not confirm the reports.

    Security company Secunia lists the vulnerability as 'highly critical', the
    firm's highest level of security alert.

    The US Computer Emergency Readiness Team (US-Cert) said that the exploit is
    launched when a user opens a specially crafted Word document.

    The organisation recommends that users avoid opening any Word document that
    originates from untrusted sources, or files that arrive unexpectedly from
    trusted sources.

    US-Cert also warned that filtering files by extension name (such as .doc)
    may not protect users from attack, because Word will open files with the
    correct file header information regardless of the extension name.

    If confirmed, this will be the third active exploit to be released for
    Microsoft Word since 6 December. Neither of the other two Word
    vulnerabilities were addressed in last Tuesday's security patch release
    from Microsoft.

    Au79, Jan 19, 2007
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.