Vendors Warn of Microsoft Word Zero-Day Flaw
<a href="http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1320512,00.html">SearchSecurity.com</a>, <a href="http://www.theregister.co.uk/2008/07/09/zero_day_word_flaw">The Register</a>
Microsoft is echoing warnings from Symantec about an unpatched vulnerability in Word that has become the subject of targeted attacks.Specifically, the flaw affects Office Word 2002, Service Pack 3, enabling a hacker to gain full rights to a user's computer. "At this time, Microsoft is aware of limited, targeted attacks that attempt to use this vulnerability," the company stated in a security advisory that suggests two workarounds while it investigates the problem. "While Microsoft Office Word 2000 does not appear vulnerable to this issue, Word 2000 may unexpectedly exit when opening a specially crafted .doc file that the attacker is using in an attempt to exploit the vulnerability."
Microsoft said the vulnerability -- which follows a low-key Patch Tuesday, as well as a separate security flaw involving its Access database program -- can't be exploited automatically via e-mail.SearchSecurity.com, The Register
Read more about:
2008About the Author(s)
You May Also Like
Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024Extending Access Management: Securing Access for all Identities, Devices, and Applications
June 4, 2024Assessing Software Supply Chain Risk
June 6, 2024Preventing Attackers From Wandering Through Your Enterprise Infrastructure
June 19, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024