Help
A vulnerability has been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an unspecified error. This can be exploited to execute arbitrary code.
See this link for complete details: http://secunia.com/advisories/20153/
Be (MS Word) Safe
Da Bleepin AniMod, Animal
Page 1 of 1
Microsoft Word Unspecified Code Execution Vulnerability
#1
- Bleepin' Animinion
-
- Group: Site Admin
- Posts: 18,946
- Joined: 18-August 05
- Gender:Male
- Location:Location, Location
Posted 19 May 2006 - 04:01 PM
The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown
A learning experience is one of those things that say, "You know that thing you just did? Don't do that." — Douglas Adams.
Why is the word abbreviation so long?
Follow BleepingComputer on: Facebook | Twitter | Google+
Andrew Brown
A learning experience is one of those things that say, "You know that thing you just did? Don't do that." — Douglas Adams.
Why is the word abbreviation so long?
Follow BleepingComputer on: Facebook | Twitter | Google+
Back to top
#2
- Bleepin' Janitor
-
- Group: Global Moderator
- Posts: 25,518
- Joined: 09-July 05
- Gender:Male
- Location:Virginia, USA
Posted 19 May 2006 - 07:07 PM
MS Word Zero-Day Attack
security.ithub.com
Quote
Symantec's DeepSight Threat Analyst Team has escalated its ThreatCon level after confirming the unpatched vulnerability is being used "against select targets."
The exploit arrives as an ordinary Microsoft Word document attachment to an e-mail. However, when the document is launched by the user the vulnerability is triggered to drop a backdoor with rootkit features to mask itself from anti-virus scanners.
The exploit arrives as an ordinary Microsoft Word document attachment to an e-mail. However, when the document is launched by the user the vulnerability is triggered to drop a backdoor with rootkit features to mask itself from anti-virus scanners.
Microsoft MVP - Consumer Security 2007-2012 
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
#3
- Bleepin' Janitor
-
- Group: Global Moderator
- Posts: 25,518
- Joined: 09-July 05
- Gender:Male
- Location:Virginia, USA
Posted 20 May 2006 - 07:17 AM
More details about the backdoor is available in the W32/Ginwui.A description.
Ginwui is a fully-featured backdoor with rootkit features.
http://www.f-secure.com/v-descs/ginwui_a.shtml
Ginwui is a fully-featured backdoor with rootkit features.
http://www.f-secure.com/v-descs/ginwui_a.shtml
Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
#4
- Forum Addict
-
- Group: Global Moderator
- Posts: 27,613
- Joined: 11-April 04
- Gender:Male
- Location:Chicago, Il.
Posted 20 May 2006 - 09:43 AM
See Also:
US-Cert Cyber Security Alert SA06-229A
http://www.us-cert.gov/cas/alerts/SA06-139A.html
Their advice, until such time as a security patch may be issued:
(Emphasis mine)
Regards,
John
US-Cert Cyber Security Alert SA06-229A
http://www.us-cert.gov/cas/alerts/SA06-139A.html
Their advice, until such time as a security patch may be issued:
Quote
Solution
Do not open untrusted Word documents
At the time of writing, an update is not available. Do not open
unfamiliar or unexpected Word or other Office documents,
including those received as email attachments or hosted on a web
site.
Do not open untrusted Word documents
At the time of writing, an update is not available. Do not open
unfamiliar or unexpected Word or other Office documents,
including those received as email attachments or hosted on a web
site.
(Emphasis mine)
Regards,
John
Whereof one cannot speak, thereof one should be silent.
#5
- Bleepin' Janitor
-
- Group: Global Moderator
- Posts: 25,518
- Joined: 09-July 05
- Gender:Male
- Location:Virginia, USA
Posted 24 May 2006 - 09:36 AM
Quote
Use Microsoft Word in safe mode to protect against targeted zero-day attacks.
That's the advice from Microsoft's security response team to counter known attacks against a serious code execution vulnerability in the widely used word processing program...
That's the advice from Microsoft's security response team to counter known attacks against a serious code execution vulnerability in the widely used word processing program...
Quote
...To address the threats until Microsoft issues a patch, the SANS Internet Storm Center recommends that organizations use an e-mail system that quarantines attachments for at least six to 12 hours to allow antivirus signatures to catch up. It also suggests setting limits on user administration rights, using proxy servers to control sites accessible to internal users, and employing intrusion-detection systems and firewalls to monitor outbound traffic.
"Note that this is not a temporary situation that will blow over soon. Microsoft will release a patch against this problem in June, but even after that there are likely to be other attacks using other exploits," researchers wrote on the SANS Internet Storm Center Web site...
"Note that this is not a temporary situation that will blow over soon. Microsoft will release a patch against this problem in June, but even after that there are likely to be other attacks using other exploits," researchers wrote on the SANS Internet Storm Center Web site...
This post has been edited by quietman7: 24 May 2006 - 09:46 AM
Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
#6
- Bleepin' Janitor
-
- Group: Global Moderator
- Posts: 25,518
- Joined: 09-July 05
- Gender:Male
- Location:Virginia, USA
Posted 31 May 2006 - 09:33 AM
Quote
Microsoft Corp....said it will issue a patch as part of its monthly security update on June 13, or earlier if necessary.
Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
#7
- Bleepin' Janitor
-
- Group: Global Moderator
- Posts: 25,518
- Joined: 09-July 05
- Gender:Male
- Location:Virginia, USA
Posted 03 June 2006 - 07:29 AM
Microsoft Security Advisory (919637)
Vulnerability in Word Could Allow Remote Code Execution
Updated: June 2, 2006
http://www.microsoft.com/technet/security/...ory/919637.mspx
Vulnerability in Word Could Allow Remote Code Execution
Updated: June 2, 2006
Quote
Revisions:
• V1.1 (June 2, 2006): Advisory revised to update the “Frequently Asked Questions” section and provide additional clarity around “Step 2 Append /safe to the WINWORD.EXE command line” for “Enterprise Customers using group policy” section under “Always use Microsoft Word in Safe Mode”.
• V1.1 (June 2, 2006): Advisory revised to update the “Frequently Asked Questions” section and provide additional clarity around “Step 2 Append /safe to the WINWORD.EXE command line” for “Enterprise Customers using group policy” section under “Always use Microsoft Word in Safe Mode”.
http://www.microsoft.com/technet/security/...ory/919637.mspx
Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Share this topic:
Page 1 of 1