New Exploit in Old Word, Says Symantec
Microsoft has patched numerous vulnerabilities in its presently supported operating systems and Office suit but a new exploit has been discovered in older, but still supported, editions of Word.
On October 10, 2007, security vendor Symantec discovered a vulnerability cropped just one day after the patches were released which can destroy each and every version of Word except the latest Word 2007.
A Symantec Security Research Engineer, Orla Cox, claims in a blog post that they were trying to use several combinations of Word versions, languages and patches, and in each case, (except Office 2007) opening the document would result in the destruction of Word, as per the news of InformationWeek on October 11, 2007.
Oral explains after close analysis, they found that the document contains shell code and three other pieces of malware. The most speculating thing about the document was that it was not a standard Microsoft Office document which implies that it was not in the format of OLE. He added that after close examination, it was found that the document had actually been created by using Word for Macintosh.
On October 9, 2007 Microsoft Security Bulletin MS07-060 was issued which has identified Word memory corruption vulnerability in Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3 and Microsoft Office 2004 for Mac that allows the remote attacker to execute code.
Another senior researcher at Symantec Security Researcher, Ben Greenbaum, explains that it is not at all worth noticing that the exploit was created on Mac as it was not able to display any inherent weakness in the Mac platform as far as security is concern. He further added that using Mac version of Microsoft Word has restricted the effectiveness of the exploit as many installations in the field would not open the file, as per the news of InformationWeek on October 11, 2007.
However, it is not at all shocking for exploits to appear again after a vendor posts a patch. This practice, which is termed as 'Exploit Wednesday' to match the 'Patch Tuesday' moniker, is used to describe the monthly patches of Microsoft, and has been prohibited by someone.
Related article: New Zealand Releases Code To Reduce Spam
» SPAMfighter News - 30-10-2007