Attackers find new flaw in Microsoft's old Word
By Matt Whipp
Posted on 6 Dec 2006 at 11:55
Microsoft has said that its Word software is subject to a flaw which is already being attacked by hackers.
An attacker would have to create a specially modified Word document that the target would have to be persuaded to open. However, Microsoft is providing very little detail as to the nature of the flaw, which affects most currently supported versions of the application, from Word 2000 to 2003, Works 2004 to 2006, Word Viewer 2003, and Word 2004 and 2004 vX for Macs.
The new version in Office 2007 is not believed to be affected.
It says the vulnerability is currently under investigation by Microsoft security experts, and that it is aware of publicly available attack code. 'We are currently investigating a report of a proof of concept which may allow an attacker to execute code on a user's machine by convincing them to open a specially-crafted Word document. We are aware of limited attacks attempting to use the vulnerability reported,' it says.
However, without a patch to fix the flaw, Microsoft's current guidelines on how to avoid an attack are: 'Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources.'
Microsoft's upcoming security bulletin will be released 12 December, although there is no guarantee that a fix will be ready at that date.
From around the web
advertisement
- Chrome's shine getting lost in translation
- BytePac: the cardboard hard disk enclosure
- How tech loosens our grip on reality
- Hokum watch: Safer Internet Day
- Why I'm deleting Adobe from my PC
- Prepare to be patronised: it's Safer Internet Day
- Dear Sony, Samsung and every other tech company in the world: stop trying to be Apple
- Will Apple's Final Cut Pro X update placate the pros?
- Smartr Contacts for iPhone review
- Switching to Office 365's Outlook Web App
- Why virtualisation hasn't slowed the growth of data
- How to make Google AdWords work for your business
- The curse of sloppily written software
- Paying for your crimes with Bitcoin
- Behind the scenes: tech support for Formula 1
- The security risk of fat fingers
- Why Windows Phone 7 isn't quite ready for business
- When will Microsoft stop fiddling with Windows 8?
- Flash down the pan?
- Metro Style apps vs desktop applications
advertisement
