Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Handlers Diary Blog - Word Zero-Day, So Sayeth Microsoft InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Word Zero-Day, So Sayeth Microsoft

Published: 2006-12-05
Last Updated: 2006-12-05 23:05:27 UTC
by Ed Skoudis (Version: 1)
0 comment(s)
Microsoft released an announcement of a zero-day vulnerability in Microsoft Word.   Read about it here.

Of particular interest, they say:

"Microsoft is investigating new public reports of limited 'zero-day' attacks using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.  In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker."

Microsoft's advice?  They say, "Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file."

Ok... sure.  Thanks.

--Ed Skoudis
Intelguardians.
Keywords:
0 comment(s)
Diary Archives