Microsoft Word Zero-Day Attack Discovered - TechRepublic
General discussion
January 26, 2007 at 01:30 AM
kev07

Microsoft Word Zero-Day Attack Discovered

by kev07 . Updated 19 years, 5 months ago

Hey guy did you hear about the latest flaw in microsoft. Just yesterday I heard that Microsoft’s security response team has launched an investigation into reports of a zero-day attack against a previously unknown vulnerability affecting its ever-present Microsoft Word program.
The Redmond, Wash.-based software maker said it’s aware of “very limited attacks” exploiting the reported Word flaw. If the vulnerability?and attack?is confirmed, the company is likely to issue a pre-patch advisory with workarounds or suggested actions or vulnerable customers.
The vulnerability was discovered during an actual live attack by anti-virus vendor Symantec. It affects multiple versions of Microsoft Word and can be used in successful code execution attacks against users of Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
According to an advisory from Symantec, the flaw is unrelated to the three previously known Word bugs that remain unpatched.
In the attack scenario discovered by Symantec, a rigged Word document arrives by e-mail with a lure to trick the target into opening the file.
“When the infected Word document is opened, it uses an exploit to drop some files onto the computer. These files are back door Trojans that enable an attacker to gain remote access to your computer,” the company warned.

This discussion is locked

All Comments