Hackers target unpatched Office flaw | The Register

Skip to content

Security:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

What Every E-Business Should Know about SSL Security and Consumer Trust
A Verisign Business Guide
SSL in High-Security Browsers
The Browser Security Revolution
The Strategic Role of IT Culture in Business Performance
The Register Desktop Support Seminar
Podcast : Why Today's Spam Filters Fail
Listen or download now
The Register Guides : The status of iSCSI
A Primer on Internet SCSI, a protocol to transport SCSI commands over IP
Virtualization Management
John Gilmartin on Virtualization Management

The Register » Security » Enterprise Security »

Hackers target unpatched Office flaw

Zero-day spectre haunts spreadsheets

By John Leyden → More by this author

Published Monday 5th February 2007 14:32 GMT

How IT Management Can "Green" the Data Center - Free Download

Microsoft has warned of an unpatched vulnerability in its Office productivity suite.

The bug, which arises from an unspecified flaw in handling strings, might be exploited to corrupt memory on a vulnerable system. The flaw allows malware to be loaded onto exposed systems providing users are tricked into opening maliciously-constructed files. Computers running Microsoft Office 2000, Office XP, Office 2003, and Microsoft Office 2004 for Mac are all potentially vulnerable.

The vulnerability is the subject of active hacking attacks albeit to a "very limited" extent, Microsoft warns. Although Excel is currently the sole vector of these zero-day attacks, other Office applications may also be affected. Users are advised not to open untrusted Office documents pending the release of patches from Microsoft. ®

Fixed to Fluid: Enabling Data Center Metamorphosis - Free download

Track this type of story as a custom Atom/RSS feed or by email.

Related stories

Hackers go after Excel (17 January 2008)
One in five apps are insecure (21 December 2007)
Macrovision update plugs zero-day DRM exploit (6 November 2007)
Talking Trojan taunts victims (3 July 2007)
Microsoft releases security tool for Office 2003 (22 May 2007)
MS to 'backport' Office 2007 security improvements (30 April 2007)
Microsoft zero-days said to target Office and Windows (11 April 2007)
Microsoft's search excels in spreading malware (20 March 2007)
The rise of zero-day patches (2 March 2007)
Google set to challenge Microsoft's office monopoly (27 February 2007)
Microsoft probes new Office vulnerability (15 February 2007)
Simon says: let me hack your Vista PC (1 February 2007)
Vista raises the bar for flaw finders (31 January 2007)
MS January patch update omits critical Word fix (10 January 2007)
IE 'unsafe' for 284 days last year (5 January 2007)
eEye launches 0-day tracker site (7 December 2006)
Unpatched Word flaw menaces civilisation (6 December 2006)
Another day, another zero-day MS exploit (28 September 2006)

Post to Slashdot

Add to del.icio.us

Previous Article

From small embedded OS to the world's most used open mobile OS

whitepaper title

The Register Guides : The status of iSCSI

Now that the hype's abated, have companies backing iSCSI have run out of energy and patience, or is the technology becoming commonplace and accepted?.

whitepaper title

Webcast : Why Today's Spam Filters Fail

This webcast covers the cost of spam, how we filter spam today; why it's not good enough, and the advantages of Abaca's new ReceiverNet technology..

Whitepapers
Lean Manufacturing Technology Life online: The perfect website Best practices in managing Total Cost of Ownership Order Management

How IT Management Can "Green" the Data Center

A Gartner Report

Download for free NOW

Top 20 stories • All The Week’s Headlines • Archive • Search