Second zero-day flaw found in Word

By Dawn Kawamoto, News.com
Posted on ZDNet News: Dec 11, 2006 4:21:00 PM

A second security vulnerability has been discovered in Microsoft Word in less than a week.

The zero-day flaw, which is could let an attacker gain remote access to a person's system, affects Word 2000, Word 2002, Word 2003 and Word Viewer 2003, according to a Microsoft security advisory posted Sunday night. Word 2007 is not affected, Microsoft said.

"From the initial reports and investigation, we can confirm that the vulnerability is being exploited on a very, very limited and targeted basis," Microsoft stated in its advisory.

Nonetheless, security provider Secunia said Monday that it is rating this latest Word security flaw as "extremely critical" because it is unpatched and because malicious attackers are currently exploiting the vulnerability.

In this case, attackers are taking advantage of a flaw that arises when an unspecified error occurs when processing a Word document, Secunia said in its advisory.

Microsoft noted that the vulnerability is different from the security flaw discovered in Word last week, which also is a zero-day problem. In order to activate that flaw, a person would need to open a malicious Word file that was hosted on a Web site or an attachment that arrives via e-mail.

The software giant is not expected to have patches available for the flaws when it issues its monthly round of security updates Tuesday.

SponsoredWhite Papers, Webcasts, and Downloads

Talkback
Most Recent of 89 Talkback(s)

Thread View
Flat View

Makes Office 97 look pretty good: Maybe we should all go back to Office 97 which no doubt is to old to be of a problem? The cost should be minor...I think you can purchase old copies on ebay....by the pound.... (Read the rest); Posted by: Bikeman Posted on: 02/07/07 You are currently: Logged In | Log out

Does it work with OpenOffice writer? galileon | 12/11/06

Nothing works with OpenOffice writer

(NT) Scrat | 12/11/06

All of my word documents do (nt) CobraA1 | 12/11/06

Scare Tactics? timblagbrough | 12/11/06

I think what you meant to say was: msolgeek | 12/11/06

Intersting concept, but I don't think so critic-at-arms | 12/11/06

More like "You hit the nail on the head" cdgoldin | 12/11/06

On the contrary... bportlock | 12/11/06

You saying there have to be flaws without actual evidence is nonsense slim-01 | 12/11/06

RE: More like "You hit the nail on the head" joe6pack_z | 12/11/06

Scare tactics? russdwright@... | 12/11/06

No way! We know msolgeek | 12/11/06

Yes, thanks to MS for recognizing and msolgeek | 12/11/06

Your message was truncated . . . critic-at-arms | 12/11/06

Look out Mike Cox slim-01 | 12/11/06

Are these the best paid programmers on the planet, or the VILLAGE IDIOTS??? DonnieBoy | 12/11/06

Just like Linux, OSX, OpenOffice, etc. ShadeTree | 12/11/06

There have been about zero exploits for OpenOffcie. The exploits for Linux DonnieBoy | 12/11/06

Because nobody uses OpenOffice or Linux no_axe_to__grind | 12/11/06

The Apache project will prove you wrong here. Also Linux proves you wrong DonnieBoy | 12/11/06

Considering one copy can be installed 100 times how do you know that slim-01 | 12/11/06

Well you won't be able to gauge by sales numbers Boot_Agnostic | 12/12/06

Want to show some actual links to support your opinion slim-01 | 12/11/06

True and I wonder how many patches to the patches it will take slim-01 | 12/11/06

Security Holes? Not quite jt@... | 12/11/06

ASS***** who will exploit them craptacular@... | 12/11/06

You have a twisted view of the world. ShadeTree | 12/11/06

I actually agree with you this time slim-01 | 12/11/06

RE: I actually agree with you this time joe6pack_z | 12/11/06

disagree with U on Management, wish you were right for all our sakes.... jduvall | 12/11/06

True why do you think Microsoft has shortened it's Windows support time slim-01 | 12/11/06

Re: Your Windows is at least 6 years old. Opps. slim-01 | 12/11/06

Quit with the silly FUD please A.Sinic | 12/12/06

Look at your history slim-01 | 12/12/06

Ah, there is nothing like the smell of bashers on a Monday Confused by religion | 12/11/06

It's especially nice too, since it msolgeek | 12/11/06

Missed the point there msolgeek, didn't ya? Scrat | 12/11/06

it IS funny mdsmedia | 12/12/06

And funnier still that ABMers pile on Boot_Agnostic | 12/14/06

It's especially nice too, since it msolgeek | 12/11/06

Except Milly understands that all software is flawed. ShadeTree | 12/11/06

Shadey man... msolgeek | 12/11/06

Thank You for a dose of reality!! mdsmedia | 12/12/06

Not a voice of doom but a better product is available slim-01 | 12/11/06

I have never seen anyone... mdsmedia | 12/12/06

Pot Kettle Black? Rick_K | 12/13/06

Yup Mr Tree is great for the old Win Tech conflict of interest slim-01 | 12/13/06

"Most used software in the world" craptacular@... | 12/11/06

Really and all these ... ShadeTree | 12/11/06

Comparing Microsoft to Linux for security. kurt@... | 12/11/06

Apples and Oranges? cdgoldin | 12/11/06

OpenOffice is a alternative not a total replacement slim-01 | 12/11/06

Open Office cannot display them properly chriscomber | 12/12/06

"In My Experience"?? mdsmedia | 12/12/06

it doesn't matter because there are no know exploits Still Lynn | 12/11/06

Linux flaws can't get as critical as Microsoft flaws slim-01 | 12/11/06

Not valid comparison net-com | 12/11/06

You will not know when Linux is being used as much as Windows. slim-01 | 12/11/06

You have it in a nut shell slim-01 | 12/11/06

The "Most used" A.Sinic | 12/12/06

You are mistaken. We are Consumer rights activates. slim-01 | 12/11/06

RE: Ah, there is nothing like the smell of bashers on a Monday joe6pack_z | 12/11/06

Is this flaw in Windows only?? efreedom | 12/11/06

Since Mac is BSD based I would guess no slim-01 | 12/11/06

???????? Shelendrea | 12/11/06

Only guessing but I figured targeted for Microsoft users slim-01 | 12/11/06

There are so many experts... arper@... | 12/11/06

re: Limited trm1945 | 12/11/06

Limted to whom (and by whom)? cdgoldin | 12/11/06

Combine this with a company that is a monopoly slim-01 | 12/11/06

Don't forget how M$ really got to the "top." I. Kidya Knott | 12/12/06

Actually I asked Gateway for a Linux or no OS install slim-01 | 12/13/06

One acronym fuzzy2k | 12/11/06

Here's the thing. joe6pack_z | 12/11/06

I will fess up too. I occassionally use Windows slim-01 | 12/11/06

RE: I will fess up too. I occassionally use Windows joe6pack_z | 12/11/06

I've run a comparison and 3 Linux alternatives are as good slim-01 | 12/11/06

Second zero-day flaw found in Word rondev | 12/11/06

I STILL SAY the problem is PEOPLE! Jeff Hayes | 12/11/06

Microsoft Chuck06 | 12/11/06

Mac MS Office chriscomber | 12/12/06

Word 2007 not affected? Florida Boy | 12/12/06

Not surprising to me! I. Kidya Knott | 12/12/06

funny ha ha khemimbalance | 12/12/06

If the people here are typical of the fighting going on elsewhere Boot_Agnostic | 12/13/06

As long as Windows Techs are stacking the deck because of job security slim-01 | 12/13/06

Office 97 is still good

bunkport | 12/12/06

suprise suprise roddic | 12/12/06

Makes Office 97 look pretty good Bikeman | 02/07/07

What do you think?

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SponsoredWhite Papers, Webcasts, and Downloads

Printers
'Green' Font Cuts Costs and Saves Trees (BNET)
Three Ways to Save Paper (BNET)
CNET Reviews printer buying guide (CNET)
View all printers-tagged content on ZDNet
Plan B from Brother
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N3691.ZDNet/B3025330.3;abr=!ie;sz=120x90;ord=2008.09.05.12.28.36?"> </SCRIPT> <NOSCRIPT> <A HREF="http://adlog.com.com/adlog/c/r=9106&s=814713&o=1009:&h=cn&p=2&b=2&l=en_US&site=22&pt=2100&nd=1009&pid=&cid=150566&pp=100&e=2&rqid=00c17-ad-e248B885E733D2DB2&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=38%2e103%2e63%2e59&pg=&t=2008.09.05.12.28.36/http://ad.doubleclick.net/jump/N3691.ZDNet/B3025330.3;abr=!ie4;abr=!ie5;sz=120x90;ord=2008.09.05.12.28.36"> <IMG SRC="http://ad.doubleclick.net/ad/N3691.ZDNet/B3025330.3;abr=!ie4;abr=!ie5;sz=120x90;ord=2008.09.05.12.28.36?" BORDER=0 WIDTH=120 HEIGHT=90 ALT="Click Here"> </A> </NOSCRIPT>
It's the smarter way to work in color Our professional color ink-jet all-in-ones give you more choices, more features, and more value. Make the Smarter Choice. Learn More »
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N3691.ZDNet/B3025330.4;abr=!ie;sz=75x40;ord=2008.09.05.12.28.36?"> </SCRIPT> <NOSCRIPT> <A HREF="http://adlog.com.com/adlog/c/r=9106&s=814713&o=1009:&h=cn&p=2&b=2&l=en_US&site=22&pt=2100&nd=1009&pid=&cid=150566&pp=100&e=2&rqid=00c17-ad-e248B885E733D2DB2&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=38%2e103%2e63%2e59&pg=&t=2008.09.05.12.28.36/http://ad.doubleclick.net/jump/N3691.ZDNet/B3025330.4;abr=!ie4;abr=!ie5;sz=75x40;ord=2008.09.05.12.28.36"> <IMG SRC="http://ad.doubleclick.net/ad/N3691.ZDNet/B3025330.4;abr=!ie4;abr=!ie5;sz=75x40;ord=2008.09.05.12.28.36?" BORDER=0 WIDTH=75 HEIGHT=40 ALT="Click Here"></A> </NOSCRIPT>

Second zero-day flaw found in Word

SponsoredWhite Papers, Webcasts, and Downloads

What do you think?

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SponsoredWhite Papers, Webcasts, and Downloads

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads