Word open to exploit
Unpatched vuln
Posted in Enterprise Security, 8th October 2004 12:29 GMT
Free whitepaper – Solid State Drives and High-Speed Memory
An unpatched security vulnerability in popular older versions of Microsoft Word poses a severe threat to users, security reporting firm Secunia warned yesterday.
The flaw stems from an input validation error in Word. This creates a mechanism for creating malicious files capable of crashing Windows boxes providing a user can be tricked into opening dodgy documents. The bug might also (at least potentially) be used to inject malicious code into vulnerable systems. A buffer overflow vulnerability, the most common class of security vulnerability, is to blame.
The vulnerability has been confirmed in Microsoft Word 2000, but has also been reported in Microsoft Word 2002. The bug has been shown to crash systems. The execution of arbitrary code might also be possible, but remains unproven. The vuln was discovered by white hat hacker HexView, who posted information about it on a full disclosure mailing list - without notifying Microsoft first.
Microsoft is yet to investigate the bug, much less develop a fix. In the meantime, Secunia advises Word users to open only trusted documents. ®
Related stories
Microsoft warns of poisoned picture peril
MS launches Office security blitz
Word 97 feature spawns no-brainer pilfering exploit
Free whitepaper – Ensuring service assurance in the new normal
The Register Guide to Extended Validation
The Evolving Security Landscape
The Impact of IT Security Attitudes
Risk and Resilience
Linux on the Desktop
