Slashdot Mirror


MS Word Zero-Day Exploit Found

subbers writes "A zero-day flaw in Microsoft Word program is being used in an active exploit by sophisticated hackers in China and Taiwan, according to warnings from anti-virus researchers. The exploit arrives as an ordinary Microsoft Word document attachment to an e-mail and drops a backdoor with rootkit features when the document is opened and the previously unknown vulnerability is triggered. From the article: 'The e-mail was written to look like an internal e-mail, including signature. It was addressed by name to the intended victim and not detected by the anti-virus software.'"

7 of 396 comments (clear)

  1. At least it's not open source by Anonymous Coward · · Score: 5, Funny

    You know how unreliable OSS is after all...

  2. In related news by Siberwulf · · Score: 5, Funny

    Sony announces it will be sending an apology note to users who were infected by their rootkit DRM. The apology will be in .doc format.

  3. real damage? by gEvil+(beta) · · Score: 5, Funny

    Finnish anti-virus vendor F-Secure said a successful exploit allows the attacker to create, read, write, delete and search for files and directories; access and modify the Registry; manipulate services; start and kill processes; take screenshots; enumerate open windows; create its own application window; and lock, restart or shut down Windows.

    Yeah, but can they do any real damage? : p

    --
    This guy's the limit!
  4. Ahh Microsoft by dannyelfman · · Score: 4, Funny

    I would like to point out that as a pen tester, Microsoft product really *DO* make my job easier.

  5. Patch available by MarkByers · · Score: 3, Funny

    Patch available: http://www.openoffice.org/

    --
    I'll probably be modded down for this...
  6. Only a taste... by gerrysteele · · Score: 5, Funny

    ...of things to come. This is the Microsoft Windows Vista teaser trailer :p

  7. Name Change? by JoshuaJarman · · Score: 5, Funny

    Maybe they should consider renaming MS Word to MS Access?