Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Microsoft Word Unspecified Code Execution Vulnerability


  • Please log in to reply
6 replies to this topic

#1 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,732 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:06:49 AM

Posted 19 May 2006 - 04:01 PM

A vulnerability has been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error. This can be exploited to execute arbitrary code.

See this link for complete details: http://secunia.com/advisories/20153/

Be (MS Word) Safe

Da Bleepin AniMod, Animal

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:49 AM

Posted 19 May 2006 - 07:07 PM

MS Word Zero-Day Attack

Symantec's DeepSight Threat Analyst Team has escalated its ThreatCon level after confirming the unpatched vulnerability is being used "against select targets."

The exploit arrives as an ordinary Microsoft Word document attachment to an e-mail. However, when the document is launched by the user the vulnerability is triggered to drop a backdoor with rootkit features to mask itself from anti-virus scanners.

security.ithub.com
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:49 AM

Posted 20 May 2006 - 07:17 AM

More details about the backdoor is available in the W32/Ginwui.A description.
Ginwui is a fully-featured backdoor with rootkit features.
http://www.f-secure.com/v-descs/ginwui_a.shtml
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:08:49 AM

Posted 20 May 2006 - 09:43 AM

See Also:

US-Cert Cyber Security Alert SA06-229A

http://www.us-cert.gov/cas/alerts/SA06-139A.html

Their advice, until such time as a security patch may be issued:

Solution

Do not open untrusted Word documents

At the time of writing, an update is not available. Do not open
unfamiliar or unexpected Word or other Office documents,
including those received as email attachments or hosted on a web
site.


(Emphasis mine)

Regards,
John
Whereof one cannot speak, thereof one should be silent.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:49 AM

Posted 24 May 2006 - 09:36 AM

Use Microsoft Word in safe mode to protect against targeted zero-day attacks.

That's the advice from Microsoft's security response team to counter known attacks against a serious code execution vulnerability in the widely used word processing program...

Microsoft: Use MS Word in Safe Mode

...To address the threats until Microsoft issues a patch, the SANS Internet Storm Center recommends that organizations use an e-mail system that quarantines attachments for at least six to 12 hours to allow antivirus signatures to catch up. It also suggests setting limits on user administration rights, using proxy servers to control sites accessible to internal users, and employing intrusion-detection systems and firewalls to monitor outbound traffic.

"Note that this is not a temporary situation that will blow over soon. Microsoft will release a patch against this problem in June, but even after that there are likely to be other attacks using other exploits," researchers wrote on the SANS Internet Storm Center Web site...

MS Word Attacks Likely to Continue

Edited by quietman7, 24 May 2006 - 09:46 AM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:49 AM

Posted 31 May 2006 - 09:33 AM

Microsoft Corp....said it will issue a patch as part of its monthly security update on June 13, or earlier if necessary.

computerworld.com
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:49 AM

Posted 03 June 2006 - 07:29 AM

Microsoft Security Advisory (919637)
Vulnerability in Word Could Allow Remote Code Execution
Updated: June 2, 2006

Revisions:
• V1.1 (June 2, 2006): Advisory revised to update the “Frequently Asked Questions” section and provide additional clarity around “Step 2 Append /safe to the WINWORD.EXE command line” for “Enterprise Customers using group policy” section under “Always use Microsoft Word in Safe Mode”.

http://www.microsoft.com/technet/security/...ory/919637.mspx
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users