Second zero-day flaw found in Word

By Dawn Kawamoto, CNET News.com
Tuesday, December 12, 2006 09:36 AM

A second security vulnerability has been discovered in Microsoft Word in less than a week.

The zero-day flaw, which is could let an attacker gain remote access to a person's system, affects Word 2000, Word 2002, Word 2003 and Word Viewer 2003, according to a Microsoft security advisory posted Monday. Word 2007 is not affected, Microsoft said.

"From the initial reports and investigation, we can confirm that the vulnerability is being exploited on a very, very limited and targeted basis," Microsoft stated in its advisory.

Nonetheless, security provider Secunia said Monday that it is rating this latest Word security flaw as "extremely critical" because it is unpatched and because malicious attackers are currently exploiting the vulnerability.

In this case, attackers are taking advantage of a flaw that arises when an unspecified error occurs when processing a Word document, Secunia said in its advisory.

Microsoft noted that the vulnerability is different from the security flaw discovered in Word last week, which also is a zero-day problem. In order to activate that flaw, a person would need to open a malicious Word file that was hosted on a Web site or an attachment that arrives via e-mail.

The software giant is not expected to have patches available for the flaws when it issues its monthly round of security updates next week.


WORTHWHILE?

0

0 votes
Blog

Talkback 0 comments

There are currently no comments for this post.


Tech Jobs Now!

Search for your ideal tech job:

News from Countries/Region

Common ways IT wastes money on development

Web Development

Examples include using developers as support staff and failing to calculate a project's ROI before giving it the go-ahead.


Read more »



  • Enterprise 2.0

    Vince Casarez, vice president of product management at Oracle, explains how Web 2.0 technologies, such as tags, wikis, and mash-ups, can be applied within an organization.
    Play video


  • Nehalem Architecture

    What makes next-generation Intel® Microarchitecture (Nehalem) such a superior successor?
    Play video

 
On demand CRM goes strategic
CRM technology has come of age, and is now able to align with your customer strategy and grow in step with your business.

» Learn more about Oracle’s CRM Solutions


Free the untapped potential of your IT infrastructure
Reduce bottlenecks to drive the efficiency and productivity of Business IT.
» Ultimate virtualization blade
» Scalable SAN solution
» Accelerate service delivery

Could this be the most critical budget for India?

Blog thumbnail

For business journalists in India, budget time is excitement time. It's like sports journos covering the Olympics. As a newspaper correspondent, I too had my fill of budget-time excitement. But..... by Swati Prasad

Read more »

Tags

  1. attack
  2. bank
  3. blog
  4. data security
  5. e - mail
  6. hacking
  7. internet
  8. malware
  9. microsoft corp.
  10. network
  11. network security
  12. pc security
  13. researcher
  14. security
  15. security management
  16. software
  17. spam and phishing
  18. u.s.
  19. viruses and worms
  20. web