The Register® — Biting the hand that feeds IT

MS anti-piracy feature trips up Office for Mac

Ironic, but low-risk, security flaw

Tune into our application security webcast, click here

An anti-piracy feature in Microsoft Office for Mac has been linked to a denial of service risk, prompting Microsoft to issue a security fix.

A feature of the Office v. X software suite, called the Network Product Identification (PID) Checker, detects multiple copies of Office using the same product identifier running on a local network. If a duplicate PID is detected, Office shuts down.

However the software contains a flaw which means that the Network PID Checker doesn't correctly handle a particular type of malformed announcement. This will cause the process to crash, bringing the first loaded application down with it.

In a security notice, Microsoft said; "An attacker could use this vulnerability to cause other users' Office applications to fail, with the loss of any unsaved data.

"An attacker could craft and send this packet to a victim's machine directly, by using the machine's IP address. Or, he could send this same directive to a broadcast and multicast domain and attack all affected machines," it adds.

Any properly configured firewall should block such a malformed request sent over the Internet, and broadcast and multicast traffic should also be restricted on a properly set up network. This, along with the fact the vulnerability can't be used to modify data or crash other applications running on a machine, restricts its seriousness.

Microsoft categorises the vulnerability as low risk and has issued a patch for Microsoft Office v. X that fixes the glitch. ®

Related stories

How I learned to stop worrying, and abandoned Mac OSX
AOL launches Mac OS X software
M$ unveils Office for OS X
Naked at the Moscone: the MacWorld Expo Round-Up

Join our expert panel in discussing application security

Don’t Miss

Win a Samsung C6625!

Reg Lucky Draw Windows Mobile handsets up for grabs

Palm_Pre_001_SMIs your cameraphone an oxymoron?

Pic Review iPhone 3G v iPhone 3GS v Palm Pre

Reg black vulture logoReg Mobile and Wireless newsletter is go! go! go!

Site news Email-tasm

Sign up, sign up for The Register IT security newsletter

Narrowcasting for the email classes