On last.fm: Interview with the mini mall rap guy!
BNET Business Network:
BNET
TechRepublic
ZDNet

August 21st, 2008

More security holes appear in Microsoft Office

Posted by Ryan Naraine @ 11:03 am

Categories: Arbitrary Code Execution, Botnets, Browsers, Data theft, Exploit code, Malware, Microsoft, Patch Watch, Pen testing, Responsible disclosure, Vulnerability research, Zero-day attacks

Tags: User Interaction, Vulnerability, Microsoft Corp., Microsoft Office, Security, Office Suites, Software, Ryan Naraine

More security holes appear in Microsoft OfficeIn addition to this long list of missing Microsoft patches, there are at least three serious (unpatched) vulnerabilities in the Microsoft Office productivity suite.

On August 12, the same day Microsoft released a slew of Office patches, TippingPoint’s DV Labs published a bare-bones advisory warning about a new high-risk Office flaw that allows code execution attacks.

From the DVLabs pre-patch alert:

  • This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

[ SEE: Where on earth are these Microsoft patches? ]

The company also has two additional unpatched Office bugs on its list:

  • July 8, 2008: This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
  • May 5, 2008: This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Vulnerability discoveries made by TippingPoints DV Labs are different from those purchased by the company’s ZDI (Zero Day Initiative).

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 18 Talkback(s)
?
Dude !
Are you really using that stuff ??? (Read the rest)
Posted by: ghost_ghost Posted on: 08/30/08 You are currently: a Guest | | Terms of Use
More security holes appear in Microsoft Office  Loverock Davidson | 08/21/08
re: More security holes appear in Microsoft Office  mburton325 | 08/21/08
Talk about flogging one dead horse...  zkiwi | 08/21/08
Mitigation? Yeah, right.  cquirke | 08/22/08
Really not a threat.  storm14k | 08/22/08
?  ghost_ghost | 08/30/08
Why do you bite the hand that feeds you  tracy anne | 08/22/08
Tracy Anne....how do you mean "pro" Microsoft?  xuniL_z | 08/22/08
A couple of post down they talk Tomcat...  bjbrock | 08/21/08
RE: More security holes ??? would you care to elaborate  Gruffydd | 08/22/08
What would you like elaborated?  seanferd | 08/22/08
RE: More security holes appear in Microsoft Office  phatkat | 08/22/08
You have to go to a malicious web site?  No_Ax_to_Grind | 08/22/08
Sounds like the security hole is located between the keyboard and the chair  deowll | 08/22/08
Yes, because you *always know* which websites are "malicious".  Zogg | 08/24/08
No, you don't have to...  zkiwi | 08/24/08
Never underestimate the user  wekiva@... | 08/22/08
RE: More security holes appear in Microsoft Office  trm1945 | 08/24/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Essential Topics Click Here

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here