Technology news and Jobs 
Information Technology News New zero day flaw in Word for PCs and Macs
Information Technology News New zero day flaw in Word for PCs and Macs | New zero day flaw in Word for PCs and Macs |
|
|
|
| Written by Stan Beer | |
| Wednesday, 06 December 2006 | |
|
Based on Microsoft's own vulnerability classifications, the flaw would probably not be placed in the critical category because, as Microsoft points out in its advisory, a user would have to initiate an action that would enable an attacker to execute code on their computer. According to the advisory: "In a Web-based attack scenario, an attacker would have to host a Web site that contains a Word file that is used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site. "In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially-crafted file to the user and by persuading the user to open the file." The usual advice about not opening or saving files from unknown sources applies. However, there is no news yet whether there will be a patch available in time for the coming Patch Tuesday on December 12.
Get stories like this delivered daily - FREE - subscribe now When you subscribe get a 12 months license for LiveProject Valued at $99 USD  Download the FREE iTWire desktop alert widget
  |
Tags
| < Prev | Next > |
|---|
Subscribe to iTWire's daily e-newsletter now and get a FREE 12 month license to project management software valued at $99 USD. 
