Slashdot Mirror

← Back to Stories (view on slashdot.org)

Third Microsoft Word Code Execution Exploit Posted

Posted by CowboyNeal on from the doors-wide-open dept.

gregleimbeck writes "Exploit code for a third, unpatched vulnerability in Microsoft Word has been posted on the Internet, adding to the software maker's struggles to keep up with gaping holes in its popular word processing program. The attack code, available at Milw0rm.com, contains sample Word documents that have been rigged to launch code execution exploits when the file is opened."

5 of 174 comments (clear)

  1. Re:This appears to affect OpenOffice 2.0.4? by Rupan · · Score: 4, Insightful

    The gdb backtrace shows that the crash occurs in SwIoSystem::IsFileFilter (). EIP may not have been overwritten; the value points into what appears to be a valid function (i.e. not the stack or heap):

    eip 0xb7286b4d 0xb7286b4d osl_getVolumeInformation+4487

    Of course, this is probably because the exploit was designed to crash MS Word in the first place, not execute arbitrary code.

    --
    Ads? What ads?
  2. Re:Wait, who still uses M$ 0ffice? by phrasebook · · Score: 5, Insightful

    I tried switching my dad to Open Office when we couldn't find the MS Office CD - he immediately complained that the small fonts he was using in his spreadsheets (less than 8 points) didn't render nicely in OO compared to Excel, so he went and bought a copy of Office 2003.

    Little things like that count for a lot. OO might be more secure than MS Office, but it's terrible quality software in user-visible ways (i.e. it's ugly, slow and bloated). These things count to people. Little problems can't just be overlooked because it's free. My dad could pick it apart within minutes, and he doesn't normally care about software at all. He didn't care about paying for Office either, in fact he didn't think twice about it.

    That's why. Nothing to do with TCO, Microsoft being evil, security, monopoly or anything else. OpenOffice just isn't very good in the ways that count to regular users.

  3. Re:Wait, who still uses M$ 0ffice? by mcrbids · · Score: 4, Insightful

    If you knew enough to download it for him you should have known enough to turn on antialiasing for font sizes 8 and lower in the options menu.

    And if you knew end-users enough to comment on them, you should have known enough that end-users won't know how to turn this on.

    See, software shouldn't "get in the way" of what you're trying to do.

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.
  4. Re:This appears to affect OpenOffice 2.0.4? by Gothmolly · · Score: 5, Insightful

    ...imagine what could be done with 10k of executable code

    Run Visicalc?

    --
    I want to delete my account but Slashdot doesn't allow it.
  5. who downloads attachments from unknowns anyway by ZahnRosen · · Score: 4, Insightful

    This goes under the category of basic internet security. Don't open files from people you don't know. And if you do get a wierd file from someone you don't know stop and think for 10 seconds about it before you open it. Or, buy a mac.