Microsoft Word Malformed Data Structures Vulnerability
A vulnerability exists in Microsoft Word that could allow for arbitrary code execution. This could be exploited successfully if a victim were to open a specially crafted Word document obtained via an email attachment or downloaded from a malicious website.
Microsoft Word is an industry standard word processing application. A vulnerability is present in Microsoft Word that may allow for arbitrary remote code execution. The flaw lies in processing of Microsoft Word documents containing certain malformed data structures. The resulting memory corruption could allow a remote attacker the ability to execute code at the rights level of the victim.
If you suspect a file was falsely detected (a false positive
) or appears suspicious, then you should submit a sample to the anti-virus's lab for analysis. Most anti-virus vendors have instructions for sample file submissions
posted on their web sites. Once a file is received, a technician can examine it in more detail and provide a report letting you know the results. You should also contact and advise the program vendor that one of their files is being detected as a threat. In many cases they will work with the anti-virus techs in an attempt to resolve the detection.
McAfee VirusScan includes the ability to submit suspicious files directly from the Quarantine feature to the McAfee AntiVirus Emergency Response Team (AVERT) for research. See Submit a Sample To McAfee
. You can also use the McAfee Labs Tool via ServicePortal & Platinum Portal
are text string messages
given to a Web browser by a Web server. Whenever you visit a web page or navigate different pages with your browser, the web site generates a unique ID number which your browser stores in a text (cookie) file that is sent back to the server each time the browser requests a page from that server. Cookies allow third-party providers such as ad serving networks, spyware or adware providers to track personal information. The main purpose
of cookies is to identify users and prepare customized Web pages for them.
- Persistent cookies have expiration dates set by the Web server when it passes the cookie and are stored on a user's hard drive until they expire or are deleted. These types of cookies are used to store information between visits to a site and collect identifying information about the user such as surfing behavior or preferences for a specific web site.
- Session (transient) cookies are not saved to the hard drive, do not collect any information and have no set expiration date. They are used to temporarily hold information in the form of a session identification stored in memory as you browse web pages. These types of cookies are cached only while a user is visiting the Web server issuing the session cookie and are deleted from the cache when the user closes the session.
Cookies can be categorized as:
- Trusted cookies are from sites you trust, use often, and want to be able to identify and personalize content for you.
- Nuisance cookies are from those sites you do not recognize or often use but somehow it's put a cookie on your machine.
- Bad cookies (i.e. persistent cookies, long term and third party tracking cookies) are those that can be linked to an ad company or something that tracks your movements across the web.
The type of persistent cookie that is a cause for some concern are "tracking cookies
" because they can be considered a privacy risk
. These types of cookies are used to track your Web browsing habits (your movement from site to site). Ad companies use them to record your activity on all sites where they have placed ads. They can keep count of how many times you visited a web page, store your username and password so you don't have to log in and retain your custom settings. When you visit one of these sites, a cookie is placed on your computer. Each time you visit another site that hosts one of their ads, that same cookie is read, and soon they have assembled a list of which of their sites you have visited and which of their ads that you have clicked on. Cookies are used all over the Internet and advertisement companies often plant them whenever your browser loads one of their banners.Cookies are NOT a "threat"
. As text files they cannot be executed to cause any damage. Cookies do not
cause any pop ups or install malware and they cannot erase or read information from a computer.
Microsoft's Description of Cookies
Cookies cannot be used to run code (run programs) or to deliver viruses to your computer.
To learn more about Cookies, please refer to:Flash cookies
(or Local Shared Objects
) and Evercookies
are a newer way of tracking user behavior and surfing habits but they too are not a threat, nor can they harm your computer.
new storage methods. When evercookie finds that other types of cookies have been removed, it recreates them so they can be reused over and over
are cookie-like data stored on a computer and used by all versions of Adobe Flash Player and similar applications. They can store much more information than traditional browser cookies and they are typically stored within each user’s Application Data directory with a ".SOL" extension, under the Macromedia\FlashPlayer\#SharedObjects folder. Unlike traditional cookies, Flash cookies cannot be managed through browser controls so they are more difficult to find and remove. However, they can be viewed, managed and deleted using the Website Storage Settings panel
at Macromedia's Support Site. From this panel, you can change storage settings for a website, delete a specific website or delete all sites which erases any information that may have been stored on the computer. To prevent any Flash Cookies from being stored on your computer, go to the Global Storage Settings panel
the option “Allow third-party Flash content to store data on your computer”
. For more information, please refer to:As long as you surf the Internet, you are going to get cookies
and some of your security programs will flag them for removal. However, you can minimize the number of them which are stored on your computer by referring to:Third party utilities to Manage (view & delete) Cookies: