Advertisement
Promo

Security threats Toolkit

Second vulnerability found in Word

Dawn Kawamoto CNET News

Published: 12 Dec 2006 09:31 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A second security vulnerability has been discovered in Microsoft Word in less than a week.

The zero-day flaw, which could let an attacker gain remote access to a person's system, affects Word 2000, Word 2002, Word 2003 and Word Viewer 2003, according to a Microsoft security advisory posted on Sunday night. Word 2007 is not affected, Microsoft said.

"From the initial reports and investigation, we can confirm that the vulnerability is being exploited on a very, very limited and targeted basis," Microsoft stated in its advisory.

Nonetheless, security provider Secunia said Monday that it is rating this latest Word security flaw as "extremely critical" because it is unpatched and because malicious attackers are currently exploiting the vulnerability.

In this case, attackers are taking advantage of a flaw that arises when an unspecified error occurs when processing a Word document, Secunia said in its advisory.

Microsoft noted that the vulnerability is different from the security flaw discovered in Word last week, which also is a zero-day problem. In order to activate that flaw, a person would need to open a malicious Word file that was hosted on a website or an attachment that arrives via email.

The software giant is not expected to have patches available for the flaws when it issues its monthly round of security updates on Tuesday.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
288 out of 347 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

1 comment

  1. We expect this from MS though... Wildatsun

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:





Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Official Organizations Losing Data

How does this article from earlier today make you feel? How many more government, health service, or military officials are going to lose pen drives, DVDs, USB hard disks and even entire... More

1 comment

Twitter hack was DNS redirect

Twitter has said an attack on Thursday which took the site offline for many users was the result of a DNS redirect. A group calling itself the Iranian Cyber Army redirected users... More

1 comment

McKinnon lawyers seek judicial review

Lawyers seeking a judicial review for Nasa hacker Gary McKinnon lodged fresh evidence of his psychiatric state at the High Court on Thursday. Karen Todner, McKinnon's solicitor,... More

1 comment

Win a BlackBerry with Vlingo voice recognition

Win a BlackBerry with Vlingo voice recognition

What is ZDNet UK's usual tagline?

Competition closes - 14 Jan 2010


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters