A third security flaw in Microsoft Word has emerged, according to some security companies, and a researcher has published code for it that could be used to launch an attack.
Secunia and McAfee said Thursday that a buffer-overflow flaw in the word-processing application could crash a computer and ultimately let an outsider run code on a vulnerable PC.
But Microsoft said it could not confirm the existence of the vulnerability on Thursday, noting that it was still investigating the issue.
"Up until now, it was only the victims of the attack, the attacker and Microsoft who knew how these flaws were exploited," said Thomas Kristensen, Secunia's chief technology officer.
With the third possible vulnerability, the situation could be more serious. A software analyst who calls himself "Disco Jonny" has published proof-of-concept code that appears to use the security hole.
"The impact of the file I released would be a crash in Microsoft Word. This file could be taken and turned into a functioning exploit by a person skilled enough," Disco Jonny said in an e-mail interview. "This could then lead to code, controlled by the person who sent or created the file, being run on the victim's machine in the context of the current user that is logged in."
As such, the proof-of-concept code could serve as a template for hackers to create a functioning malicious attack. It exploits a third flaw, but exactly how the code works is not clear, said Dave Marcus, security research and communications manager at McAfee.
Disco Jonny said that part of his problem in trying to be more specific about the source of the code is that he does not have access to information about the characteristics of the first two Word vulnerabilities. Microsoft has released a security advisory on one of those flaws, and a blog posting on the other, but these do not include much detail.
"From conversations with others, I am pretty sure that this bug is not related to the two current Word issues," Disco Jonny said. "This is a third, as yet unknown vulnerability in Microsoft Word. Without having the other two word issues to look at, I cannot state 100 percent either way."
Incredible how many people like this virus: more than 75% of the market does. It's a shame you can't just remove your ignorance and bias with Add/Remove Programs. Oh well, at least we can always have a laugh. :)
No, it's part of Microsoft's world domination Master Plan
Or you could install MS Office 2007 (which is not affected by any of these bugs). Works in PC and Mac, just not in Linux, but who uses Linux anyway, lol? (less than 1% of the market)
Quite a few Word doc readers throw a fit on that file.
<yawn>
back in your box fanboy.