Symantec Reports New Zero-Day Word Bug - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications
News
1/26/2007
12:17 PM
50%
50%

Symantec Reports New Zero-Day Word Bug

The bug, which affects Word 2000, lets hackers execute their own code with the same privileges as the user.

Attackers are using a critical, unpatched vulnerability in Microsoft Word -- the fourth known unfixed flaw in the popular word processor -- to hijack computers, Symantec warned Friday.

The bug, which affects Word 2000, lets hackers execute their own code with the same privileges as the user. In most cases, Windows users run in administrator mode, which allows full access to the PC and its files. If a user opens a malformed Word file, which would typically be delivered as a file attachment to a spoofed e-mail, the Mdropper.m Trojan creates a backdoor that allows later remote access by the attacker.

Danish vulnerability tracker Secunia rated the new vulnerability as "Extremely critical," the highest warning in its 1 through 5 scale.

Although only Word 2000 can lead to a complete compromise of the PC, Word 2002 and Word 2003 users attacked by the exploit will find that all the computer's processor cycles are consumed by the malware, effectively creating a denial-of-service attack. Rebooting the computer is the only way to regain control of the machine.

The new flaw is different from three other unpatched Word bugs that appeared in December 2006. Microsoft has let the vulnerabilities slide in the last two monthly security updates.

Symantec recommended that users not open Word attachments "unless they are expected and come from a known and trusted source."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
News
How to Create a Successful AI Program
Jessica Davis, Senior Editor, Enterprise Apps,  10/14/2020
News
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
Slideshows
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
Slideshows
Flash Poll