Third attack hits Microsoft Word

By

Three's company for text editor flaws.

Third attack hits Microsoft Word
Attackers have started exploiting a new vulnerability in Microsoft Word, security vendor eEye disclosed on its Zero-day Tracker website. The vulnerability is the third active Word exploit to surface in two weeks.  

Microsoft has not confirmed the vulnerability, but a spokesman told vnunet.com that the company is investigating the reports. 

The vulnerability could allow for remote code execution, allowing an attacker to take control of a vulnerable system and steal information or install malware.

The flaw affects Word 2000, Word XP, Word 2003 and Word Viewer 2003. Microsoft also said that it has received reports of Word v.X for Mac being vulnerable to the exploit, but could not confirm the reports.

Security company Secunia lists the vulnerability as 'highly critical', the firm's highest level of security alert. 

The US Computer Emergency Readiness Team (US-Cert) said that the exploit is launched when a user opens a specially crafted Word document. 

The organisation recommends that users avoid opening any Word document that originates from untrusted sources, or files that arrive unexpectedly from trusted sources.

US-Cert also warned that filtering files by extension name (such as .doc) may not protect users from attack, because Word will open files with the correct file header information regardless of the extension name.

If confirmed, this will be the third active exploit to be released for Microsoft Word since 6 December. Neither of the other two Word vulnerabilities were addressed in last Tuesday's security patch release from Microsoft.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?