Word Vulnerability Compromised US State Dept.

hf256 writes "Apparently hackers using an undisclosed (at the time) vulnerability compromised the State Departments network using a Word document sent as an email attachment. Investigators found multiple instances of infection, informed Microsoft, then had to sever internet connectivity to avoid leaking too much data!"

Re:Scary

[ArsenneLupin]

The crux of the problem here is that MS Word needs or provides Internet access for some of it's functions. Even if it had any buffer overflows, the problem would not be exploitable from remote systems. Although Word does probably provide Internet access to its macros and other nasties, this was not a necessary condition for this to work. Even if MS Word didn't have any code within to connect to the internet, any supposed exploit would have been able to supply its own. And from the looks of it, this is what happen here. Apparently, this was some kind of call-back program that would somehow tunnel out through the firewall, connect to the hacker's control console and accept instructions from there.

Such a thing is rather complex, and probably not pre-existing within word. It was brought in by the trojan itself.