MS Word Vulnerabilities Reported on Exploit Sites

Apr 11, 2007

Microsoft says it has found no attacks attempting to exploit the reported Office vulnerabilities, but it is continuing to investigate.

Microsoft is investigating public reports of vulnerabilities in Microsoft Office.

Reports of several new security holes in Microsoft Office have been made public on known exploit sites. The company did not release specific information about the vulnerabilities, citing potential risk to users.

"Microsoft is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time," said a spokesperson for the company, based in Redmond, Wash. "Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary."

Postings about the vulnerabilities indicate that exploitation could lead to a program crash or the execution of arbitrary code.

Amol Sarwate, manager of vulnerability research at Qualys, a provider of on-demand security risk and compliance management solutions, based in Redwood Shores, Calif., said the widespread use of Microsoft Word makes the vulnerabilities even more threatening.

"Considering the prevalence of Microsoft Word, the fact that these vulnerabilities target unsuspecting users and also the consequence - total compromise of the system - I would say these vulnerabilities are very serious," Sarwate said. "In addition, zero-day targeted attacks - for CVE-2007-0870 - have amplified the need for a patch."

However, Sarwate added it is important to differentiate between proof-of-concept code and exploit code. "When POC - zero-day - code exists, is does raise the concern, but does not necessarily mean that exploit code will be released or that people will be exploited," he said.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International

Explore further: Beyond GoPro: Skiers and snowboarders can measure everything with apps, hardware

add to favorites email to friend print save as pdf

Related Stories

Hacker gets prison for cyberattack stealing $9.4M

2 hours ago

An Estonian man who pleaded guilty to orchestrating a 2008 cyberattack on a credit card processing company that enabled hackers to steal $9.4 million has been sentenced to 11 years in prison by a federal judge in Atlanta.

Remains of French ship being reassembled in Texas

3 hours ago

A frigate carrying French colonists to the New World that sank in a storm off the Texas coast more than 300 years ago is being reassembled into a display that archeologists hope will let people walk over ...

Icelandic volcano sits on massive magma hot spot

3 hours ago

Spectacular eruptions at Bárðarbunga volcano in central Iceland have been spewing lava continuously since Aug. 31. Massive amounts of erupting lava are connected to the destruction of supercontinents and ...

Magic Leap moves beyond older lines of VR

3 hours ago

Two messages from Magic Leap: Most of us know that a world with dragons and unicorns, elves and fairies is just a better world. The other message: Technology can be mindboggingly awesome. When the two ...

NBCUniversal settles with unpaid interns for $6.4M

4 hours ago

NBCUniversal will pay $6.4 million to settle a class action lawsuit brought by unpaid interns who worked on "Saturday Night Live" and other shows who claim they are owed wages, according to court documents.

Recommended for you

Microsoft beefs up security protection in Windows 10

8 hours ago

What Microsoft users in business care deeply about—-a system architecture that supports efforts to get their work done efficiently; a work-centric menu to quickly access projects rather than weather readings ...

Team infuses science into 'Minecraft' modification

Oct 24, 2014

The 3-D world of the popular "Minecraft" video game just became more entertaining, perilous and educational, thanks to a comprehensive code modification kit, "Polycraft World," created by University of Texas at Dallas professors, ...

Microsoft's Garage becomes an incubator of consumer apps

Oct 24, 2014

For five years now, The Garage has served as Microsoft's incubator for employees' passion projects, an internal community of engineers, designers, hardware tinkerers and others from all different parts of the company who ...

Students win challenge for real-time traffic app

Oct 24, 2014

Three University of Texas at Arlington Computer Science and Engineering students have won a $10,000 prize in the NTx Apps Challenge for a smart traffic light network that adjusts traffic light schedules to ...

User comments : 0