main

Microsoft Word Zero-Day Attack Discovered

Daniel Fleshbourne   on 26 January 2007 - 09:36 · 5 comments & 2617 views

Advertisement (Why?)
Microsoft's security response team has launched an investigation into reports of a zero-day attack against a previously unknown vulnerability affecting its ever-present Microsoft Word program. The Redmond, Wash.-based software maker said it's aware of "very limited attacks" exploiting the reported Word flaw. If the vulnerability—and attack—is confirmed, the company is likely to issue a pre-patch advisory with workarounds or suggested actions or vulnerable customers. The vulnerability was discovered during an actual live attack by anti-virus vendor Symantec. It affects multiple versions of Microsoft Word and can be used in successful code execution attacks against users of Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP.

According to an advisory from Symantec, the flaw is unrelated to the three previously known Word bugs that remain unpatched. In the attack scenario discovered by Symantec, a rigged Word document arrives by e-mail with a lure to trick the target into opening the file. "When the infected Word document is opened, it uses an exploit to drop some files onto the computer. These files are back door Trojans that enable an attacker to gain remote access to your computer," the company warned.

View: The full story
News source: eWeek

Share this Article

About the Author

Full name: Daniel Fleshbourne
User name: Daniel
Contact: via forum PM
Submissions: View All
More: View Bio   New!

Related news

Post a comment · Send to friend Comments · There are 5 additional comments
#1 Havin_it on 26 Jan 2007 - 12:09
Not often I get to say this, but I'm glad we use [the unaffected] Word 97 at my office
(1 reply) #2 ahhell on 26 Jan 2007 - 15:44
"This vulnerabilty brought to you by Symantec. Please go by Norton AV."

I think not.

There is a very special layer of hell reserved for child molesters and people who talk in theatres....and Symantec.
#2.1 Croquant on 26 Jan 2007 - 15:46
++
#3 Croquant on 26 Jan 2007 - 16:22
That said, I do belive Microsoft deserves to have some badly phrased and barely reasoned anger directed at their software engeneres since they didn't make the affected versions of Word "Prefect" and "Free of bugs"
So: Bring On The Fanboys!
#4 excalpius on 26 Jan 2007 - 22:29
Yes, the REALLY big news here is that it seems like Symantec actually found a virus! Miracles do indeed happen.

Perhaps it was a false positive.

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Advertisement (Why?)
News powered by Neowin Management System (Build - 5.0.897) © 2000 - 2008 Neowin.net