Third unpatched vuln menaces Word | The Register

Skip to content

Security:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

Solution Brief: Reduce Energy Costs
With Green IT Solutions
Enforce Your Email and Web Acceptable Usage Policies
Not Just Words
Making Green IT a Reality
Customer Perspectives on the Impact of Storage Vendor Decisions on Power, Cooling, & Space in Enterprise Data Centers
Search Engine Link Spam
Risks, Threats, Solution
The Perfect (Virtual) Marriage
Deduplication and VMware
Eliminating the Security Risk of Sending Confidential Information by Email
Email Encryption

The Register » Security »

Third unpatched vuln menaces Word

No end to the madness in sight

By John Leyden → More by this author

Published Friday 15th December 2006 16:04 GMT

Gartner Report: How IT Management Can "Green" the Data Center - Free Download

Hackers have released an exploit targeting a third unpatched vulnerability in Microsoft Word. The flaw is different from the two previous Word vulnerabilities reported earlier this month, US CERT helpfully explains.

This time around we're dealing with a memory corruption flaw that might be exploited providing users are tricked into opening a malformed Word document to either crash - or load malware onto - vulnerable PCs running Word. Attack code was available at Milw0rm.com, so the potential for mischief is high.

Pending a patch for Microsoft against the trio of unpatched bugs currently at large, US-CERT recommends users to avoid untrusted Word documents or attachments from unsolicited email messages and to use updated anti-virus packages as a way of mitigating the risk of attack. In an echo of Microsoft's advice when the first of these security bugs came out little over a week ago (on December 6) the security clearing house further advises punters not to open unfamiliar or unexpected email attachments, even if sent by a trusted source. ®

Email Encryption report: Eliminating the Security Risk of Sending Confidential Information by Email

Track this type of story as a custom Atom/RSS feed or by email.

Related stories

Zero day Word flaw exploited by Trojan (9 July 2008)
Click here to turn your HP laptop into a brick (21 December 2007)
MS Explorer foundering after UFO strike (23 November 2007)
Microsoft zero-days said to target Office and Windows (11 April 2007)
Malware: Windows is only part of the problem (10 January 2007)
IE 'unsafe' for 284 days last year (5 January 2007)
Security firm erects threat-level aggregator (2 January 2007)
All I want for Christmas... (20 December 2006)
Trojan targets unpatched Word flaw (again) (11 December 2006)
eEye launches 0-day tracker site (7 December 2006)
Unpatched Word flaw menaces civilisation (6 December 2006)
Patch Tuesday omits critical Word fix (14 September 2006)
Unpatched enterprise security bugs proliferate (24 August 2006)
Flaw finders lay siege to Microsoft Office (22 July 2006)
MS June update fixes dangerous Word flaw (14 June 2006)
MS advises users to play safe with Word (24 May 2006)
CERT recommends anything but IE (28 June 2004)

Post to Slashdot

Add to del.icio.us

Previous Article

From small embedded OS to the world's most used open mobile OS

whitepaper title

Solution Brief: Reduce Energy Costs

Energy consumption has become a big issue. Dramatically increase server utilization and significantly reduce energy costs through Virtualization..

whitepaper title

Enforce Your Email and Web Acceptable Usage Policies

Unmanaged employee use of email and the web can subject any organization to costly risks. Learn how clearly written Email and Web Acceptable Usage Policies (AUPs) can protect your business.

Whitepapers	Jobs
Wireless Email Solutions Security Beyond Corporate Boundaries Redefining FOTA deployment in EMEA CollabNet CUBiT	Trading Floor Support Business-minded Perl Hacker for Fast-Growing Biotech Company Sr Perl Developer (Team Lead) Experienced Lead Perl developer for SF startup Perl/Linux Programmer for Telecom ASP

Top 20 stories • All The Week’s Headlines • Archive • Search