Bug Opens Word to Attack Dec 7, 2006
There's now one more reason to be careful about opening Microsoft Office attachments. Microsoft has warned of a new, unpatched memory corruption error in the word processor, saying it is investigating reports of "limited" attacks that exploit the problem. The bug can be exploited by adding a string of characters in a Word file that can corrupt the PC's memory and allow the attacker to run unauthorized software on the system, Microsoft wrote in a security advisory . The bug affects many versions of the software, including Word 2000, 2002, and 2003, the Word Viewer 2003 and several versions of Microsoft Works. It is rated "critical" by the FrSIRT Web site, which compiles a list of software vulnerabilities. As automatic security updates have become commonplace, attackers have focused more on developing attacks that leverage this kind of unpatched hole in the software, sometimes called zero-day (or 0day) attacks. This trend has forced Microsoft to produce a growing number of software updates in recent months. In particular, hackers turned their attention to Microsoft's Office products, which some researchers consider to be a more fruitful source of bugs than the Windows operating system. "Cyber criminals know that 0days are very vulnerable and can be used to make lots of money," said Cesar Cerrudo, CEO of security research firm Argeniss, in Parana, Argentina. These vulnerabilities can be exploited to install spyware or dangerous Trojan horse programs, or to add the victim's computer to a network of compromised PCs, called a botnet , which can then be used to send out spam or attack other systems, he said. Microsoft's next set of security updates is due to be released on December 12. http://www.pcworld.com/article/id,128092-pg,1/article.html Vikas Kapoor, MSN ID: [EMAIL PROTECTED] Yahoo ID: [EMAIL PROTECTED] Skype ID: dl_vikas Mobile: (+91) 9891098137. To unsubscribe send a message to [EMAIL PROTECTED] with the subject unsubscribe. To change your subscription to digest mode or make any other changes, please visit the list home page at http://accessindia.org.in/mailman/listinfo/accessindia_accessindia.org.in
