Microsoft Issues Word Zero-Day Attack Alert

[ronjor]

Quote:

Microsoft on Dec. 5 warned that an unpatched vulnerability in its Word software program is being used in targeted, zero-day attacks.

A security advisory from the Redmond, Wash., company said the flaw can be exploited if a user simply opens a rigged Word document.

Story

[Mrkvonic]

Hello,
This is where OpenOffice comes into play.
Mrk

[ronjor]

In the meantime, keep your bases covered.

Secunia

[NICK ADSL UK]

Microsoft Security Advisory (929433)
Vulnerability in Microsoft Word Could Allow Remote Code Execution

Microsoft is investigating a new report of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.

In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker.

As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

http://www.microsoft.com/technet/sec...ry/929433.mspx

[Pedro]

Quote:

Originally Posted by Mrkvonic

Hello,
This is where OpenOffice comes into play.
Mrk

lol, MrK you never miss an opportunity
I guess you can't help it,
Someone

[Rmus]

Assuming that this exploit is similar to the others, here is a description of what happens:

Microsoft Word 0-day Vulnerability FAQ - September 2006
http://blogs.securiteam.com/?p=586

Q: Are there any visual effects informing about the infection?
A: No.

Q: Are there any changes to file system made by related malware?
A: Yes. The file WINWORD.EXE is being dropped to the Windows %Systemroot% folder.

When the related worm activates it will drop the following files:
Windows\System32\clipbook.exe [30,720 bytes]
Windows\System32\clipbook.dll [33,713 bytes]
--------------------------------------------

Of course, no one would knowingly run such a .doc file

But in case of an inadvertant instance, such remote code execution is easily blocked from installing executables by many products today.

-rich


________________________________________________________________
"Talking About Security Can Lead To Anxiety, Panic, And Dread...
Or Cool Assessments, Common Sense And Practical Planning..."

--Bruce Schneier

[ronjor]

Second vulnerability .....

[ronjor]

Exploit Code Targets Third Microsoft Zero-Day Word Bug

Quote:

"Microsoft is investigating new public reports of a possible vulnerability in Microsoft Word [and] will continue to investigate the public reports to help provide additional guidance for customers as necessary," the spokesperson said in an e-mail. "Upon completion of this investigation, Microsoft will take appropriate action [which] may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs."

Story

[ronjor]

Exploit for Word also works with OpenOffice

Quote:

The exploit for the third unpatched security hole in Word reported last week also works in OpenOffice 2.1. If a prepared Word document is opened in OpenOffice Writer under Windows XP SP2, Writer crashes. The dialogue for document recovery then appears. Under Linux, the application also crashes, prompting the message that the main memory is full.

Story

[Mrkvonic]

Hello,

But the second part of the article:

"It has not yet, however, been demonstrated that code can be injected via this weak point in OpenOffice. But there are unconfirmed reports that this is possible."

The program crash versus System infection ...

Mrk