Everything, Everything

2024: J F M A M J J A S O N
2023: J F M A M J J A S O N D
2022: J F M A M J J A S O N D
2021: J F M A M J J A S O N D
2020: J F M A M J J A S O N D
2019: J F M A M J J A S O N D
2018: J F M A M J J A S O N D
2017: J F M A M J J A S O N D
2016: J F M A M J J A S O N D
2015: J F M A M J J A S O N D
2014: J F M A M J J A S O N D
2013: J F M A M J J A S O N D
2012: J F M A M J J A S O N D
2011: J F M A M J J A S O N D
2010: J F M A M J J A S O N D
2009: J F M A M J J A S O N D
2008: J F M A M J J A S O N D
2007: J F M A M J J A S O N D
2006: J F M A M J J A S O N D
2005: J F M A M J J A S O N D
2004: J F M A M J J A S O N D
Another Word Flaw
Tuesday 30th January, 2007 02:20 Comments: 2
The flaw is the fourth vulnerability in Microsoft Word that remains to be patched. In December, targeted attacks used a flaw in Word 2000 to install software onto a victim's PC, and neither that flaw nor two previously discovered, and yet unpatched, flaws were fixed by Microsoft in January.

The company's Office productivity suite came under attack in 2006, with more than 10 times more flaws discovered last year than in 2005, mostly because reearchers can't find problems with "low hanging fruit" Windows anymore and are now looking for the stuff just above it (Office and AV software). Many targets of these attacks are big companies that still use older versions of Office.

I still can't believe that people are surprised that Word 2000 is occasionally vulnerable. This is an Office product that was originally released in 1999, over 7 years ago! It's only in the last few years that the secure development lifecycle was introduced into Microsoft, and why even Office 2003 has a few holes - most of these were found from "fuzzing", which tend to depend on how well the tool was written in the first place, and have many advantages and disadvantages.

Office 2007, especially when paired with Windows Vista, should eliminate the danger from most attacks in the future.
Avatar Yamahito - Tuesday 30th January, 2007 11:36
Another World was brilliant, but flashback was even better.

Oh, wait...
Avatar Robert - Wednesday 31st January, 2007 12:20
A fifth unpatched flaw in Word, this time it's code execution with Word 2003: http://www.securityfocus.com/bid/22328/info
© Robert Nicholls 2002-2024
The views and opinions expressed on this site do not represent the views of my employer.
HTML5 / CSS3