New security hole in Microsoft Word
One would think that such an old and wide-spreaded application as Microsoft Word can be almost bullet-proof. But some hackers just prooved everyone about the exactly opposite: they discovered 0day exploit which can lead to complete control of your computer. The vulnerability was discovered during an actual live attack by anti-virus vendor Symantec. It affects multiple versions of Microsoft Word and can be used in successful code execution attacks against users of Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP.
In the attack scenario discovered by Symantec, a rigged Word document arrives by e-mail with a lure to trick the target into opening the file. “When the infected Word document is opened, it uses an exploit to drop some files onto the computer. These files are back door Trojans that enable an attacker to gain remote access to your computer,” the company warned. Once the exploit is launched, the attacker drops a backdoor Trojan on the infected machine and immediately creates a clean Word document named “Summary on China’s 2006 Defense White paper.doc.” The Trojan then checks for Internet connectivity by visiting various Web sites, such as Microsoft, Google or Yahoo and opens a back door on the compromised computer. More info can be found at the website of Securityfocus. By the way, in December 2006, Microsoft confirmed three separate Word flaws that were being used in code-execution attacks against select targets. They remain unpatched…
Comments(15)
Haha why even use microsofts crapware word when you can use opensource progams that is even better
Regards
meh. tried OpenOffice on suse linux but ended up back at redmond. its just not the same
“One would think that such an old and wide-spreaded application as Microsoft Word can be almost bullet-proof.”
Hello??? Maybe if you live under a rock.
Google for “microsoft word security flaws”, 1.7 million hits
Where is the torrent for that patch?
(If you know what I mean…)
kereoplxop: http://en.wikipedia.org/wiki/Irony
Nothing new. Microsoft crap (aka. products) will always be buggy.
http://www.securityfocus.com/bid/22225/info
so far word 2007 not on the list! anyone know if they even tested it on office 2007?
I like how select sentences and sometimes paragraphs are copied verbatim on this site without any attribution of the source. Come on.
For people who read this news on legitimate new sites, you will see the interesting thing is that these recent attacks may be part of corporate, and possibly government, espionage.
Use a firewall. Word has no business accessing the net. If it is then something’s wrong.
Microsoft Word 2000 Unspecified Code Execution Vulnerability
So, it’s about Word 2000… The article was a little bit confusing, cause I thought it was about all versions. And if you’re stupid enough to open an email from someone you don,t know, download it’s content and launch it on your computer, what can microsoft do about that? Lend you some brain?
Other than feeding ABMer’s pathetic delusions of grandeur, what exactly was the point of this badly copy-and-pasted article? What, if I do a number of really stupid things an ancient version of Word could be compromised? What, y’all think every other old piece of software is bullet proof or something?
fucking americans dont know how to use irony
How to correct this bug??????
AlexC, did you ever consider that pretty much every single company in the world accepts job applications via email?
Guess what, most employers dont know the applicants when they recieve they applications with likely some Word file attachments.
The world is bigger then you and your little personal home computer.
Very exceptional pieces of information. Very nice webpage though. I applaud