Folks are always encouraged to be cautious with attachments on email, but if you’re using MS Word you want to be extra cautious. Microsoft has published a security advisory titled, “Vulnerability in Microsoft Word Could Allow Remote Code Execution.” Here are the high points:
Microsoft is investigating a new report of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.
In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker.
As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources.
From the FAQ:
How could an attacker exploit the vulnerability?
In a Web-based attack scenario, an attacker would have to host a Web site that contains a Word file that is used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker’s site.In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially-crafted file to the user and by persuading the user to open the file.
I’m so happy that we have free alternatives! I know I, personally, will be using Zoho Writer at work for the next few days until this is patched. Google Docs & Sheets or any other web based word processor would be a good alternative as well.
Possibly Related posts:
December 6th, 2006 
Tags: 
