A highly critical, unpatched security hole in Microsoft Corp.'s ubiquitous Word software could be used to launch a denial-of-service attack and to gain system access.
Discovered by HexView, the hole affects Microsoft Office 2000, Microsoft Office XP, Microsoft Word 2000 and Microsoft Word 2002. It was discovered Thursday and is currently unpatched.
The vulnerability is caused by an input validation error in the parsing of document files, which in turn can lead to a stack-based buffer overflow. As a result, opening a modified document can cause a crash.
The advice given is to open trusted documents only. There is also an added risk for Internet Explorer users, where documents are automatically loaded through the browser unless the Internet security zone security level is set to "high" or the "file download" setting has been disabled.
Security company Secunia Corp. rated the hole "highly critical" in an advisory.
