Full Version: Microsoft Word Unspecified Code Execution Vulnerability
Animal
A vulnerability has been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error. This can be exploited to execute arbitrary code.

See this link for complete details: http://secunia.com/advisories/20153/

Be (MS Word) Safe

Da Bleepin AniMod, Animal
quietman7
MS Word Zero-Day Attack

QUOTE
Symantec's DeepSight Threat Analyst Team has escalated its ThreatCon level after confirming the unpatched vulnerability is being used "against select targets."

The exploit arrives as an ordinary Microsoft Word document attachment to an e-mail. However, when the document is launched by the user the vulnerability is triggered to drop a backdoor with rootkit features to mask itself from anti-virus scanners.
security.ithub.com
quietman7
More details about the backdoor are available in the W32/Ginwui.A description.
Ginwui is a fully-featured backdoor with rootkit features.
http://www.f-secure.com/v-descs/ginwui_a.shtml
jgweed
See Also:

US-CERT Cyber Security Alert SA06-229A

http://www.us-cert.gov/cas/alerts/SA06-139A.html

Their advice, until such time as a security patch may be issued:

QUOTE
Solution

Do not open untrusted Word documents

At the time of writing, an update is not available. Do not open
unfamiliar or unexpected Word or other Office documents,
including those received as email attachments or hosted on a web
site.


(Emphasis mine)

Regards,
John
quietman7
QUOTE
Use Microsoft Word in safe mode to protect against targeted zero-day attacks.

That's the advice from Microsoft's security response team to counter known attacks against a serious code execution vulnerability in the widely used word processing program...
Microsoft: Use MS Word in Safe Mode

QUOTE
...To address the threats until Microsoft issues a patch, the SANS Internet Storm Center recommends that organizations use an e-mail system that quarantines attachments for at least six to 12 hours to allow antivirus signatures to catch up. It also suggests setting limits on user administration rights, using proxy servers to control sites accessible to internal users, and employing intrusion-detection systems and firewalls to monitor outbound traffic.

"Note that this is not a temporary situation that will blow over soon. Microsoft will release a patch against this problem in June, but even after that there are likely to be other attacks using other exploits," researchers wrote on the SANS Internet Storm Center Web site...
MS Word Attacks Likely to Continue
quietman7
QUOTE
Microsoft Corp....said it will issue a patch as part of its monthly security update on June 13, or earlier if necessary.
computerworld.com
quietman7
Microsoft Security Advisory (919637)
Vulnerability in Word Could Allow Remote Code Execution
Updated: June 2, 2006
QUOTE
Revisions:
• V1.1 (June 2, 2006): Advisory revised to update the “Frequently Asked Questions” section and provide additional clarity around “Step 2 Append /safe to the WINWORD.EXE command line” for “Enterprise Customers using group policy” section under “Always use Microsoft Word in Safe Mode”.

http://www.microsoft.com/technet/security/...ory/919637.mspx