Neowin.net - Microsoft Office 2003 Apps Hit with New Crash Bugs

Microsoft Office 2003 Apps Hit with New Crash Bugs

Posted by Daniel Fleshbourne on 27 February 2007 - 13:49 · 4 comments & 1812 views

Microsoft Corp.'s Word 2003 and Excel 2003 can be crashed by attackers who feed the business applications malformed documents, Symantec Corp. reported Monday. In separate alerts sent to subscribers of its DeepSight threat system, Symantec warned that the bugs -- both discovered and disclosed by a Russian researcher with the moniker "sehato" -- could be exploited by attackers to bring down the Office applications. Microsoft did not immediately respond to an e-mail request for confirmation and comment.

"A remote attacker may exploit this vulnerability by presenting a malicious WMF file to a victim user," said Symantec's report on the Office 2003 flaw. "The issue is triggered when the application is used to insert the malicious file into a document." Specially crafted WMF (Windows Metafile) image files were the root of a major attack in late 2005 and early 2006 that was launched from hundreds of malicious Web sites and compromised thousands of PCs. This bug seems to be different from the 2005/2006 vulnerability. The Excel flaw can be leveraged by a malformed spreadsheet file rather than a WMF image, Symantec added.

View: The full story

News source: PCWorld

Hide additional information

About the Author
Full name: Daniel Fleshbourne
Forum name: Daniel
Contact: via forum PM
Submissions: Normal · Headline

Total votes: 0

Bookmark on del.icio.us

Advertisement

#1 Posted by +GreyWolfSC on 27 Feb 2007 - 14:45: Hmm... file this under "Symantec: Immediately suspect"! They forgot to say their shiny new tool is the best way to protect against it.

#2 Posted by Diaboli on 27 Feb 2007 - 14:49: they should concentrate on fixing their own products before complaining about others

#3 Posted by Mr Winkle on 27 Feb 2007 - 18:29: i think you could probably crash most applications by getting them to open "specially crafted corrupt documents". there is always going to be ways to break application import filters by messing around with fundamental constants they rely upon.

but really, this is about as newsworthy as saying 'norton antivirus can never ever be cleanly uninstalled from any computer, ever', says dave down the pub.

absolute nonsense.

#4 Posted by majmac on 27 Feb 2007 - 21:53: Symantec is going all out to discredit Microsoft in general and Vista in particular. Over the past week they have been hitting the web with this and that 'hole' in MS products. Obviously they are upset about something! Then again, their latest anti-virus has been received with underwhelming enthusiasm and that may be the reason.
The cynic would even suggest that Symantec has a nefarious relationship with virus and malware writers as their business depends on people's computers being infected. Not that I am a cynic!

[1]

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Scroll to the Top