Quantcast
PC World: Technology Advice You Can Trust
Search
Browse by Topic
Subscribe to magazine

Magazine

Subscribe & Get
a Bonus CD

Customer Service

Audio & Video Business Center Cameras Cell Phones & PDAs Desktop PCs Gadgets Gaming HDTV Laptops Macs & iPods Monitors Printers Software Spyware & Security Storage Upgrading Windows Vista & XP
Resource Centers
Asus Notebook Center
Intel Technology Center
CDW Solution Center
Lenovo Laptop Showcase
Try It Free
White Paper Library
Webcast Library
Most Popular Search Terms
Most Popular Products
Most Popular Downloads
Today at PC World
Today @ PC World
News, opinion, and links from the PC World staff.
Recent entries in this blog:
Tuesday, December 05, 2006 5:54 PM PT Posted by Anne B. McDonald

New Microsoft Word Attack

There's now one more reason to be careful about opening Microsoft Office attachments, says our colleague Bob McMillan at IDG News Service.

Microsoft today issued a warning about a new, unpatched memory corruption error in its word-processing software, and said that it was investigating reports of "limited" attacks that exploit the problem.

The bug can be exploited by adding a string of characters in a Word file that can corrupt the PC's memory and allow the attacker to run unauthorized software on the system, Microsoft wrote in a security advisory. The bug affects many versions of the software, including Word 2000, 2002, and 2003, the Word Viewer 2003 and several versions of Microsoft Works. It is rated 'critical' by the FrSIRT Web site, which compiles a list of software vulnerabilities.

Bad Trend

As automatic security updates have become commonplace, attackers have focused more on developing attacks that leverage this kind of unpatched hole in the software, sometimes called 0day attacks. This trend has forced Microsoft to produce a growing number of software updates in recent months.

In particular, hackers turned their attention to Microsoft's Office products, which some researchers consider to be a more fruitful source of bugs than the Windows operating system.

Their vulnerabilities can be exploited to install spyware or dangerous Trojan horse programs, or to add the victim's computer to a network of compromised PCs, called a botnet, which can then be used to send out spam or attack other systems, one source told Bob.

Microsoft's next set of security updates is due to be released on December 12.

Comments
Post a comment Post a comment
Recent Posts
More Bad News for Blu-Ray
McCain Pushes Fair Use on YouTube
Firefox Update Enters Beta
Googling Is Good For Your Brain
Apple vs. the Economy: Can the New Macs Really Sell?
Motorola, Verizon Deliver ZN4 Touch-Screen: Krave
Pimp Your Flip Mino with Customizable Designs
Archives
View posts from:
 

PC World's Marketplace

PC World's Free Whitepapers

QUICK LINKS: cheap laptops cell phones laser printers HDTV reviews LCD TV Plasmas digital cameras laptop reviews security antivirus windows vista reviews digital camera reviews inexpensive desktop LCD wide screen monitors
tech news tech blogs community & forums laptop prices software reviews downloads
About UsContact UsAdvertiseASME GuidelinesNewslettersFAQIDG InternationalMagazine Customer Service
© 1998-2008, PC World Communications, Inc.Terms of Service AgreementPrivacy PolicyCommunity Standards
RSS FeedsXML

Visit other IDG sites: