
Secunia warns of malicious attack exploit...
Published: 5 September 2006 17:15 BST
An "extremely critical flaw" in Microsoft Word 2000 is currently being exploited by malicious attackers, which could lead to remote execution of code on a user's system, security researcher Secunia advised on Tuesday.
The vulnerability affects systems running Windows 2000 and occurs when processing malicious Word 2000 documents, according to Secunia's security advisory.
Security company Symantec, which several days ago detected the exploit, Trojan MDropper.Q, noted that it uses a two-step attack.
Trojan MDropper.Q exploits the Microsoft Word vulnerability to drop another file, a new variant of Backdoor.Femo, according to a security advisory by Symantec.
Symantec's advisory stated: "As with other recent [Microsoft] Office vulnerabilities, documents incorporating the exploit code must be opened with a vulnerable copy of Microsoft Word 2000 for it to work. As such, it makes the vulnerability unsuitable for the creation of self-replicating network worms."
Microsoft has not yet issued a patch for the vulnerability, and users are advised to forgo opening untrusted documents.
This latest exploit of an Office vulnerability follows on the heels of another, similar malicious attack in June. In that particular case, users' systems would become infected when opening a malicious Excel document called "okN.xls". That malicious file contained the Trojan horse Mdropper.J, which then dropped the Booli.A program on a user's system. Booli.A would then download more malicious files to the user's PC.
Dawn Kawamoto writes for CNET News.com
Experience with desktop publishing tools, including proficiency in Microsoft Word & Analyze IT project requirements to determine documents needed. ...
London (City) based investment bank have a new opening for a strong BA. You will also be involved heavily within documentation - of past and present ...
PDAs, Blackberrys & 3G Cards - Windows based applications such as Word, Excel, and Outlook. To be considered you must have good experience providing ...
CIO Agenda 2008
The exclusive silicon.com CIO Agenda 2008 survey looks at the CIO's tech shopping list for the year, examines whether IT budgets are rising or falling and reveals what the pain points are for tech chiefs this year. Find out more in our latest special report.
Staffing Service Coordinates Sales Activities, Utilizes Business Intelligence With...
Teachers Association Turns to Centralized Data Repository to Improve Member Service
Financial-Software Leader Credits Productivity Boost, Reduced IT Costs to 2007 Software
Staying Ahead of the Curve: Oracle Database 11g vs. Microsoft SQL Server 2005
Stories from the web...
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved. Top of page
silicon.com Dear silicon.com... XP lives, the femtocell 'truth', BlackBerry bashing… Reader Comments of the Week
Martin Brampton The Brampton Factor: Open source 'brotherhood' closed to co-operation Where's the real sharing?