-
X'Mas Brings a 'Bugged' MS Word
Techtree News Staff, Dec 12, 2006 1054 hrs ISTSeems the season of good cheer cometh along with its share of vulnerabilities, at least for Microsoft...
Seems the season of good cheer cometh along with its share of vulnerabilities, at least for Microsoft...
Just last Tuesday, a vulnerability was reported in Microsoft Word that could allow remote code execution by means of a specially crafted file.
And now, Microsoft has acknowledged another bug in Microsoft Word, which can also be exploited through specially crafted files. The company said the newest flaw is unrelated to the first vulnerability, but that it is being investigated.
The first vulnerability affects Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v. X for Mac. Apart from Microsoft Word, the vulnerability also affects programs, including Microsoft Word Viewer 2003, and Microsoft Works 2004, 2005, and 2006.
The second flaw meanwhile, affects Word 2000, 2002, 2003, and Word Viewer 2003. Just that the newly released Microsoft Word 2007 is spared by this bug.
Scott Deacon from the Microsoft Security Response Center (MSRC) wrote on a MSRC Blog that from initial reports and investigation, it can be confirmed that the second vulnerability is being exploited on a very, very, limited and targeted basis.
However, Deacon adds that a successful attack would require a user to either open a Word document attached to a malicious email, or to download a Word file from a Web site, and that this could completely compromise the PC.
Meanwhile, security major, McAfee, has reported spotting attackers planting a password-stealing Trojan horse named "PWS-Agent.g" using the latest Word exploit. According to McAfee, the Trojan steals passwords from Internet Explorer, Firefox, and POP3 email clients. Another security firm, Secunia, has ranked the second Word bug as "extremely critical", just like last week's flaw.
As per Microsoft's advance notice of patches it plans to release today, neither of these Word flaws will be fixed this month. However, as a precautionary measure, the company advises users not to open files from unfamiliar sources.
Just last Tuesday, a vulnerability was reported in Microsoft Word that could allow remote code execution by means of a specially crafted file.
And now, Microsoft has acknowledged another bug in Microsoft Word, which can also be exploited through specially crafted files. The company said the newest flaw is unrelated to the first vulnerability, but that it is being investigated.
The first vulnerability affects Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v. X for Mac. Apart from Microsoft Word, the vulnerability also affects programs, including Microsoft Word Viewer 2003, and Microsoft Works 2004, 2005, and 2006.
The second flaw meanwhile, affects Word 2000, 2002, 2003, and Word Viewer 2003. Just that the newly released Microsoft Word 2007 is spared by this bug.
Scott Deacon from the Microsoft Security Response Center (MSRC) wrote on a MSRC Blog that from initial reports and investigation, it can be confirmed that the second vulnerability is being exploited on a very, very, limited and targeted basis.
However, Deacon adds that a successful attack would require a user to either open a Word document attached to a malicious email, or to download a Word file from a Web site, and that this could completely compromise the PC.
Meanwhile, security major, McAfee, has reported spotting attackers planting a password-stealing Trojan horse named "PWS-Agent.g" using the latest Word exploit. According to McAfee, the Trojan steals passwords from Internet Explorer, Firefox, and POP3 email clients. Another security firm, Secunia, has ranked the second Word bug as "extremely critical", just like last week's flaw.
As per Microsoft's advance notice of patches it plans to release today, neither of these Word flaws will be fixed this month. However, as a precautionary measure, the company advises users not to open files from unfamiliar sources.
Related Links
Tag keywords
Opinion Poll
- Which desktop web browser do you use?
-
Internet Explorer
Firefox
Chrome
Safari
Opera
Other (specify in comments)
Poll Results View Previous Polls