Microsoft Word Exploitable - GoFuckYourself.com

jacked · 10-08-2004, 06:49 AM

By John Leyden
Published Friday 8th October 2004 12:29 GMT

An unpatched security vulnerability in popular older versions of Microsoft Word poses a severe threat to users, security reporting firm Secunia warned yesterday.

The flaw stems from an input validation error in Word. This creates a mechanism for creating malicious files capable of crashing Windows boxes providing a user can be tricked into opening dodgy documents. The bug might also (at least potentially) be used to inject malicious code into vulnerable systems. A buffer overflow vulnerability, the most common class of security vulnerability, is to blame.

The vulnerability has been confirmed in Microsoft Word 2000, but has also been reported in Microsoft Word 2002. The bug has been shown to crash systems. The execution of arbitrary code might also be possible, but remains unproven. The vuln was discovered by white hat hacker HexView, who posted information about it on a full disclosure mailing list - without notifying Microsoft first.

Microsoft is yet to investigate the bug, much less develop a fix. In the meantime, Secunia advises Word users to open only trusted documents. ®

10-08-2004, 06:49 AM	#1
jacked sperm tail Industry Role: Join Date: May 2004 Location: nj Posts: 11,019	Microsoft Word Exploitable By John Leyden Published Friday 8th October 2004 12:29 GMT An unpatched security vulnerability in popular older versions of Microsoft Word poses a severe threat to users, security reporting firm Secunia warned yesterday. The flaw stems from an input validation error in Word. This creates a mechanism for creating malicious files capable of crashing Windows boxes providing a user can be tricked into opening dodgy documents. The bug might also (at least potentially) be used to inject malicious code into vulnerable systems. A buffer overflow vulnerability, the most common class of security vulnerability, is to blame. The vulnerability has been confirmed in Microsoft Word 2000, but has also been reported in Microsoft Word 2002. The bug has been shown to crash systems. The execution of arbitrary code might also be possible, but remains unproven. The vuln was discovered by white hat hacker HexView, who posted information about it on a full disclosure mailing list - without notifying Microsoft first. Microsoft is yet to investigate the bug, much less develop a fix. In the meantime, Secunia advises Word users to open only trusted documents. ® __________________ Got Cam Models? icq: 361-607-616