Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Word Security Flaw

Posted by timothy on from the remember-word-viruses-fondly dept.

JWL-23 writes: "cnn.com is reporting that a Microsoft Word flaw may allow file theft. Furthermore, they plan on not fixing Word 97, leaving millions of users out in the cold. Yet another reason to try OpenOffice.org." It still takes more than running Word to expose the contents of your hard drive though.

3 of 450 comments (clear)

  1. MS-Word and document exchange by Charles+Dodgeson · · Score: 5, Informative

    Yet another reason why MS Word is not a document exchange format. That rant is also avaible in other formats

    --
    Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
  2. Not True by DaytonCIM · · Score: 5, Informative

    "Furthermore, they plan on not fixing Word 97, leaving millions of users out in the cold."

    That's not entirely true. It is true that before this story broke, Microsoft had no plans on updating or offering any new fixes for anything '97.
    However, CNN and AP reported this morning that Micorsoft hasn't ruled out a fix and that they are in the process of determining what it would take to make a fix available.

  3. Some clarification by agantman · · Score: 5, Informative

    1) IMHO the emphasis on Word97 is wrong. I originally tested this on Word2000 and it worked perfectly.

    2) I was not out to find yet another M$ bug. I was using Word for my daily work when I stumbled onto this. It was one of those "I wonder what this button does" things.

    3) The vulnerability is actually a lot more serious than the AP and bugtraq posts reveal. There is actually a way to skip the last step where the victim returns the bugged file. In other words, just editing and saving (or printing) the bugged file is sufficient. Look for a new bugtraq post early next week.