Rootkit spreading via new MS Word exploit

Discussion in 'other security issues & news' started by zoned, May 19, 2006.

Thread Status:
Not open for further replies.
  1. zoned

    zoned Registered Member

  2. ronjor

    ronjor Global Moderator

    Microsoft Word Unspecified Code Execution Vulnerability

    Secunia
     
  3. ronjor

    ronjor Global Moderator

    Brian Krebs
     
  4. tuatara

    tuatara Registered Member

    To be honest, it is sad that a textfile like Word .doc files
    can contain malware that can harm your computer.
    :oops:

    I think it is very clever to design a textfile format that
    can do this, no other company in the world has ever done this before!

    In 35 years of making texteditors all over the world (hundreds of thousands versions), this was never done before!

    So we ICT security specialists, don't have to worry, that we get out of work.
    Now we have to wait, for someone that can exploit Wordpad or notepad.

    :D

    So don't use the free version of OpenOffice!
    or use the very cheap Ability office, or very cheap Star-Office or very cheap Ashampoo's etc.
    Although you can do anything you have to with this software, and is compatible with all the other ones.
    Don't use it. It is too fast, too stable, and gets us out of business.

    So use the one that costs just as much as a new pc :D

    (of course this is a joke)
     
  5. lotuseclat79

    lotuseclat79 Registered Member

    Zero-day Word flaw used in attack
    http://news.com.com/Zero-day Word flaw used in attack/2100-1002_3-6074403.html?tag=nefd.top
    Microsoft is readying a security update for Word that repairs this vulnerability, a company representative said in an e-mailed statement. The fix is scheduled to be released as part of the June 13 security updates, or sooner, if warranted, the representative said.

    The malicious software arrives as a Microsoft Word file attachment to an e-mail message. When the document is opened by the user, the vulnerability is triggered.

    -- Tom
     
  6. Rmus

    Rmus Exploit Analyst

    Strictly speaking, Word.doc files are formatted text which can execute code (remember the macro virus), whereas notepad.txt files are text-only files.

    When I set up a system for someone, I install MSWordViewer. This free program lets people view .doc files, and will not execute code.

    Then I configure the MIME types in the email program to pass .doc files to MSWordViewer instead of to MSWord. This is especially useful for those who receive .doc files via email as part of their work, as I have for years in my teaching, so as to receive/read students' Word.doc files without danger.

    IMO, MSWordViewer should be a part of one's security apparatus.

    http://www.microsoft.com/downloads/...87-8732-48D5-8689-AB826E7B8FDF&displaylang=en


    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier
     
  7. MikeNash

    MikeNash Security Expert

    As one Slashdot commentator noted:

    :D
     
  8. ErikAlbert

    ErikAlbert Registered Member

    That is an easy one for me to avoid, it's spam. :)
     
  9. Mrkvonic

    Mrkvonic Linux Systems Expert

    Hello,
    Solution - use Open Office.
    Mrk
     
  10. MikeNash

    MikeNash Security Expert

    I wonder if the office file viewer is vulnerable too
     
  11. rafael

    rafael Registered Member

    Thanks for all this info. I wish computing would be easy and simple in the future.
     
  12. Devil's Advocate

    Devil's Advocate Registered Member

    What happens if you click on a Word doc link directly from the web browser?

    Will that work too?
     
  13. MikeNash

    MikeNash Security Expert

    I'd think it would, as it embeds Word into IE, doesn't it?
     
  14. Rmus

    Rmus Exploit Analyst

    You can configure the browser to pass .doc to MSWordViewer. The Viewer does not run code.
     

    Attached file: doc2.gif
  15. EASTER.2010

    EASTER.2010 Guest

    NOT IF you are protected by a good HIPS program that intercepts whatever call that little lame exploit might try to spring on you.

    People need to turn to HIPS and really get off the pot with depending on obsolete softs that always allow most anything "NEW" to slip past these AVs and other products, since they are useless and helpless to control the REAL control systems of Windows anyway.
     
  16. Rasheed187

    Rasheed187 Registered Member

    I run MS Office in non admin mode and a good HIPS should be able to stop a driver from loading. But since I do not have a copy of the exploit, I do not know if the exploit can perhaps bypass these restrictions. :rolleyes:
     
    Last edited: May 21, 2006
  17. NAMOR

    NAMOR Registered Member

    So which HIPS programs actually stop this?
     