Third Active Attack Weighs Down On Microsoft Word
A Security vendor eEye, revealed that attackers are now exploiting a new loophole in Microsoft Word. The news was posted on the on the vendor's Zero-day Tracker website. This is the third in the series of active attacks on Microsoft word to emerge within a period of just two weeks.
On December 5, 2006, a zero-day exploit was uncovered that allows an attacker to execute remote code against those using Microsoft Office Word. On December 10, 2006 reports confirmed a second exploit of a second vulnerability. Microsoft however says that the exploits were not all that widespread. Nevertheless it advised users to refrain from opening Word files from un-trusted sources.
The exploits came close to Patch Tuesday when Microsoft released its monthly security updates. None of these updates were for the two known exploits and now a third one surfaced, which experts have confirmed.
According to tests, this is certainly a third exploit for Word, which comes with a working proof-of-concept. However, Microsoft has declined to confirm the vulnerability while the reports are being examined, said a company spokesperson.
The vulnerability is capable of automated code execution letting an attacker compromise a vulnerable system and stealing information or running malware. The security flaw affects Word XP, Word 2000, Word 2003 as well as Word Viewer 2003. Microsoft has also received reports that Word v. X for Mac is also vulnerable for exploits, but however is not yet confirmed.
As reported on December 12, 2006 the exploit appears to significantly affect networks under targeted attacks. These attacks could access sensitive information, launch botnet software, as well as carry out common exploitations.
People who often use Word processor to share documents and other information with business, friends etc., will take the attacks more seriously. When users visit a website that hosts the exploited Word file, and attackers use the site to lure and compromise the system it could cause a corruption of Word which, if repeated several times will ultimately crash the system.
The US-CERT (U.S. Computer Emergency Readiness Team) warned that the moment a user opens any specially designed Word document the code launches the attack. The organization therefore recommends users not to open any Word file that comes from unknown sources or unexpectedly from known sources.
Related article: Third Data Breach on Pfizer’s System
» SPAMfighter News - 18-12-2006