Slashdot Mirror

← Back to Stories (view on slashdot.org)

Third Microsoft Word Code Execution Exploit Posted

Posted by CowboyNeal on from the doors-wide-open dept.

gregleimbeck writes "Exploit code for a third, unpatched vulnerability in Microsoft Word has been posted on the Internet, adding to the software maker's struggles to keep up with gaping holes in its popular word processing program. The attack code, available at Milw0rm.com, contains sample Word documents that have been rigged to launch code execution exploits when the file is opened."

3 of 174 comments (clear)

  1. Anyone remember milw0rm? by __aaijsn7246 · · Score: 4, Informative

    http://en.wikipedia.org/wiki/Milw0rm

    milw0rm is a group of "hacktivists" best known for penetrating the computers of the Bhabha Atomic Research Centre (BARC) in Bombay, the primary nuclear research facility of India, on June 3, 1998. The attack generated heated debate on the security of information in a world prevalent with countries developing nuclear weapons, the ethics of "hacker activists" or "hacktivists," and the importance of advanced security measures in a modern world filled with teenagers willing and able to break into insecure international websites.

  2. Re:Wait, who still uses M$ 0ffice? by SnowZero · · Score: 4, Informative

    If you want more of your clients to change to OO, just run "strings" on their .doc files and email them the parts that came from other documents. That should be enough to get them to change their minds about it.

    (For the uninitiated, As you edit a document in MS Word, it picks up bits of other documents you have open at the time or even previously opened. This is because it doesn't clear memory before using it, and the fast-save file format is really more a memory dump. This may have been fixed in the latest version of MS Word; I certainly hope so...)

  3. Re:Another day, another misfeature. by dsci · · Score: 3, Informative

    And UNIX people know this, as it took decades to fix their OS.

    Speaking specifically about using file extensions, I think 'decades' is a little strong.

    From Wikipedia's FILE entry:

    The original version of file originated in Unix Research Version 4 in 1973 ... file's position-sensitive tests are normally implemented by matching various locations within the file against a textual database of magic numbers (see the Usage section). This differs from other simpler methods such as file extensions and schemes like MIME.

    Even if you happen to believe that the real improvements to file were not made until System V, that was 1983...so not decadeS, but decade.

    So no, not a troll and not revisionist. You make it sound like Unix was not usable until the 1990's.

    --
    Computational Chemistry products and services.