When the Mozilla organization issued a patch for its Web browser last week it opened up a can of worms. It now appears that the software vulnerability discovered by Mozilla might also affect MSN Messenger and Word.
Popular Microsoft Corp. products may be vulnerable to a security vulnerability that is similar to one patched for the Mozilla Web browsers last week. Microsoft's MSN Messenger and Word word processing application both support a feature that could give remote users access to functions that could be used launch applications on Windows computers, according to an alert from Secunia, which tracks software vulnerabilities.
A Microsoft spokeswoman said the company is investigating the reports, but is not aware of any attacks using the vulnerabilities. The applications both fail to restrict access to the "shell:" URI (Universal Resource Identifier), a feature that allows Windows users or software applications to launch programs associated with specific file extensions such as doc (associated with Word) or txt (associated with Notepad, the Windows text editing program), said Secunia, of Copenhagen.
News source: InfoWorld