Microsoft Word Vulnerability

BeerCheeze · Posted: Sat, 20 May 2006 00:19:11 Post Subject: Microsoft Word Vulnerability

Systems Affected

* Microsoft Word 2003
* Microsoft Word XP (2002)

Microsoft Word is included in Microsoft Works Suite and Microsoft Office. Other versions of Word, and other Office programs may be affected or act as attack vectors.

Overview

A buffer overflow vulnerability in Microsoft Word could allow an attacker to execute arbitrary code on a vulnerable system.

I. Description

Microsoft Word contains a buffer overflow vulnerability. Opening a specially crafted Word document, including documents hosted on web sites or attached to email messages, could trigger the vulnerability.

Office documents can contain embedded objects. For example, a malicious Word document could be embedded in an Excel or PowerPoint document. Office documents other than Word documents could be used as attack vectors.

For more information, please see Vulnerability Note VU#446012.

II. Impact

By convincing a user to open a specially crafted Word document, an attacker could execute arbitrary code on a vulnerable system. If the user has administrative privileges, the attacker could gain complete control of the system.

III. Solution

At the time of writing, there is no complete solution available. Consider the following workarounds:

Do not open untrusted Word documents

Do not open unfamiliar or unexpected Word or other Office documents, including those received as email attachments or hosted on a web site. Please see Cyber Security Tip ST04-010 for more information.

Do not rely on file extension filtering

In most cases, Windows will call Word to open a document even if the document has an unknown file extension. For example, if document.d0c (note the digit "0") contains the correct file header information, Windows will open document.d0c with Word.

Appendix A. References

* Vulnerability Note VU#446012 -
<http://www.kb.cert.org/vuls/id/446012>

* Cyber Security Tip ST04-010 -
<http://www.us-cert.gov/cas/tips/ST04-010.html>

BeerCheeze · Posted: Sat, 20 May 2006 00:21:23 Post Subject:

This is actually pretty serious. There is an attack in the wild. To what I know so far, it has only been a targeted attack. But, it's very possible I only know part of the story.

Once again, this is kindly brought to us by our "friends' in Asia (Taiwan and China is what I heard).

Blue|Fusion · Posted: Sat, 20 May 2006 01:10:06 Post Subject:

It's people like that that makes me wish they were back working as extrmelely cheap child labor with their arms being ripped off by machinery. I'm not racist; I hate everyone equally :-D . But in all seriousness...can't these script kiddies just do something that contributes to technology instead of breaking it?

LaTech · Posted: Sat, 20 May 2006 08:49:13 Post Subject:

By drawing attention to a potential problem, aren't they contributing to technology (albeit in a back-handed sort of way)?

Blue|Fusion · Posted: Sat, 20 May 2006 09:29:40 Post Subject:

You can argue that but why learn about an exploit, use that exploit to noone's advantage, and let someone else make the fix? Why do people like to ruin stuff for other people when they have the abilities to fix the exploit themselves as they clearly have alot of potential in coding.

BeerCheeze · Posted: Sat, 20 May 2006 10:31:16 Post Subject:

Errr... if this came out of China or Taiwan.... it wasn't a "script kiddie". It was the government.

T-shirt · Posted: Sat, 20 May 2006 15:30:11 Post Subject:

BeerCheeze · Posted: Sat, 20 May 2006 22:45:37 Post Subject:

T-shirt · Posted: Sun, 21 May 2006 14:14:40 Post Subject:

trouble is What is really made in the good old USA anymore?
sure some companies are based here, but look at where the parts, assembly, much of the support, and some of the software comes from.
I guess the cia,nsa, etc. will be using notebooks with a pad of paper in them.

vanilla · Rated PG Joined: 22 May 2006 Posts: 8

I wish companies or inviduals for that matter, would report any serious bugs directly to Microsoft. And Microsoft should get a slap on the backside for not having an easy way for people to report serious bugs to them.

When a bug is posted on the internet, and everyone knows about it, that is when the exploits occur. If the bugs were reported without revealing them to the public, and then chances are they could of been fixed, before any virus writers or exploiters could make use of them.