Microsoft Word Vulnerability
Published on 24 May 2006 · Filed in News
Security researchers recently uncovered a zero-day vulnerability in Microsoft Word that allows attackers to install a backdoor Trojan horse on the affected computers.
More information on this vulnerability can be obtained from the following links:
Alert Raised for MS Word Zero-Day Attack <http://www.eweek.com/article2/0,1759,1965042,00.asp>
Microsoft Word Malformed Object Code Execution Vulnerability <http://secunia.com/advisories/20153/>
Microsoft Security Advisory (919637): Vulnerability in Word Could Allow Remote Code Execution <http://www.microsoft.com/technet/security/advisory/919637.mspx>
SecuriTeam Blogs: Mitigating Newly-Reported Word Vulnerability <http://blogs.securiteam.com/index.php/archives/421>
As described in the above articles, there are a number of ways to protect yourself against this vulnerability:
- Don’t log in with administrative privileges. The exploit fails to work if the user doesn’t have administrative privileges.
- Use an older version of Microsoft Office. The vulnerability only affects Word 2002/XP and Word 2003. Users of Word 2000 and earlier are apparently not affected.
- Use the Word Viewer to view documents, as the Viewer is not affected by this vulnerability.
Anti-virus vendors are updating their signatures to try to catch this, but I wouldn’t rely solely upon anti-virus to protect against this vulnerability. A patch has not yet been released from Microsoft, which anticipates releasing a patch for this issue in June.