Microsoft Issues Word Zero-Day Attack Alert

ronjor · Dec 6, 2006

Microsoft on Dec. 5 warned that an unpatched vulnerability in its Word software program is being used in targeted, zero-day attacks.

A security advisory from the Redmond, Wash., company said the flaw can be exploited if a user simply opens a rigged Word document.
Click to expand...

Story

Mrkvonic · Dec 6, 2006

Hello,
This is where OpenOffice comes into play.
Mrk

ronjor · Dec 6, 2006

In the meantime, keep your bases covered.

Secunia

NICK ADSL UK · Dec 6, 2006

Microsoft Security Advisory (929433)
Vulnerability in Microsoft Word Could Allow Remote Code Execution

Microsoft is investigating a new report of limited zero-day attacks using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.

In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker.

As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

http://www.microsoft.com/technet/security/advisory/929433.mspx

Pedro · Dec 6, 2006

Mrkvonic said:

Hello,
This is where OpenOffice comes into play.
Mrk
Click to expand...

lol, MrK you never miss an opportunity
I guess you can't help it,
Someone

Rmus · Dec 6, 2006

Assuming that this exploit is similar to the others, here is a description of what happens:

Microsoft Word 0-day Vulnerability FAQ - September 2006
http://blogs.securiteam.com/?p=586

Q: Are there any visual effects informing about the infection?
A: No.

Q: Are there any changes to file system made by related malware?
A: Yes. The file WINWORD.EXE is being dropped to the Windows %Systemroot% folder.

When the related worm activates it will drop the following files:
Windows\System32\clipbook.exe [30,720 bytes]
Windows\System32\clipbook.dll [33,713 bytes]
--------------------------------------------

Of course, no one would knowingly run such a .doc file

But in case of an inadvertant instance, such remote code execution is easily blocked from installing executables by many products today.

-rich

________________________________________________________________
"Talking About Security Can Lead To Anxiety, Panic, And Dread...
Or Cool Assessments, Common Sense And Practical Planning..."

--Bruce Schneier

ronjor · Dec 11, 2006

Second vulnerability .....

ronjor · Dec 14, 2006

Exploit Code Targets Third Microsoft Zero-Day Word Bug

"Microsoft is investigating new public reports of a possible vulnerability in Microsoft Word [and] will continue to investigate the public reports to help provide additional guidance for customers as necessary," the spokesperson said in an e-mail. "Upon completion of this investigation, Microsoft will take appropriate action [which] may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs."
Click to expand...

Story

ronjor · Dec 19, 2006

Exploit for Word also works with OpenOffice

The exploit for the third unpatched security hole in Word reported last week also works in OpenOffice 2.1. If a prepared Word document is opened in OpenOffice Writer under Windows XP SP2, Writer crashes. The dialogue for document recovery then appears. Under Linux, the application also crashes, prompting the message that the main memory is full.
Click to expand...

Story

Mrkvonic · Dec 19, 2006

Hello,

But the second part of the article:

"It has not yet, however, been demonstrated that code can be injected via this weak point in OpenOffice. But there are unconfirmed reports that this is possible."

The program crash versus System infection ...

Mrk

Log in or Sign up

Microsoft Issues Word Zero-Day Attack Alert

ronjor Global Moderator

Mrkvonic Linux Systems Expert

ronjor Global Moderator

NICK ADSL UK Administrator

Pedro Registered Member

Rmus Exploit Analyst

ronjor Global Moderator

ronjor Global Moderator

ronjor Global Moderator

Mrkvonic Linux Systems Expert

Log in or Sign up

Microsoft Issues Word Zero-Day Attack Alert

ronjor Global Moderator

Mrkvonic Linux Systems Expert

ronjor Global Moderator

NICK ADSL UK Administrator

Pedro Registered Member

Rmus Exploit Analyst

ronjor Global Moderator

ronjor Global Moderator

ronjor Global Moderator

Mrkvonic Linux Systems Expert

Useful Searches