March 24th, 2008

Microsoft confirms Word attacks

Posted by Larry Dignan @ 4:47 am

Categories: Exploit code, Microsoft, Patch Watch, Responsible disclosure

Tags: Microsoft Corp., Attack, Microsoft Word, Word Processors, Microsoft Windows, Microsoft Office, Security, Office Suites, Software, Operating Systems

Microsoft has confirmed reports of a vulnerability in Word that allows an attacker to exploit a system via the Microsoft Jet Database Engine, which shares data with Access, Visual Basic and third-party applications.

Microsoft in its advisory said the potential for attack is “very limited.” Reports of the Word flaw were highlighted by Panda and Symantec in the last two weeks. On March 3, Panda researcher Ismael Briones stumbled on the new exploit. On Thursday, Symantec also noted the Jet vulnerability. According to Symantec:

The attacker needs only to find a trick to force the MS Jet library to open the file and trigger the vulnerability that will run the malicious shellcode. Some social engineering and a little help from Office applications will work out well in this specific attack. In fact, it is possible to call MSJET40.DLL directly from MS Word, without using Access at all.

Microsoft said in its advisory:

Customers running Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1 are not vulnerable to the buffer overrun being attacked, as they include a version of the Microsoft Jet Database Engine that is not vulnerable to this issue.

Customers using Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007, and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1 are vulnerable to these attacks.

Microsoft is investigating the public reports and customer impact. We are also investigating whether the vulnerability can be exploited through additional applications. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Microsoft then reiterated that the risk is limited since a customer would have to take multiple steps to make an attack successful.

Larry Dignan is Editor in Chief of ZDNet and Editorial Director of ZDNet sister site TechRepublic.


  • Talkback
  • Most Recent of 36 Talkback(s)
Yeah.... sure......right...
Vista is not vulnerable to this particular flaw in Word. So I guess that makes Vista great.... right? Yeah.... until the next Vista flaw is found.

I don't think I want to use Vista just so I can use Word....
Posted by: shawkins Posted on: 03/28/08
No, in Jet  larry@... | 03/24/08
I note how MS use it as an opportunity to push Vista  mark@... | 03/24/08
Vista is NOT vulnerable: yet another reason to use Vista  qmlscycrajg | 03/24/08
Use Vista so you can use Word.......  James Quinn | 03/24/08
Not  fairportfan | 03/24/08
I'd rather take my chances with the exploit....  dunn@... | 03/24/08
"Vista is a 4GB screen saver"  wackoae | 03/24/08
RE: I'd rather take my chances with the exploit...  bfilipiak@... | 03/24/08
Vista's a 4GB Screen Saver - AND a Resource Hog!  drprodny | 03/24/08
Pathetic !  Richard Turpin | 03/25/08
Vista is...  fairportfan | 03/24/08
Tasty!  seanferd | 03/24/08
Unless of course...  zkiwi | 03/24/08
"Another" reason?  alf@... | 03/25/08
Yeah.... sure......right...  shawkins | 03/28/08
RE: Microsoft confirms Word attacks  afficionado | 03/24/08
Liars!!  techboy_z | 03/24/08
The Steve Ballmer Reality Distortion Field?  nix_hed | 03/24/08
More like Millions Upon Millions  drprodny | 03/24/08
Additional information  Ole Man | 03/24/08
Oh grow up  top100developers | 03/24/08
You're forgetting something, Ole Man...  nix_hed | 03/24/08
...  Linux User 147560 | 03/24/08
Good Point  Pony99CA | 03/24/08
Although...  zkiwi | 03/24/08
That would not generate revenue  Ole Man | 03/25/08
Office 2007 trial kills Office 2000 patch notices  BorisKarloff | 03/24/08
Office 2000 NEVER Used Microsoft Updates  PMC-CON | 03/24/08
BUT, I said _Office_ Update  BorisKarloff | 03/24/08
Victimized... for the last time!  aaacitizen | 03/24/08
nice try  Turd Furgeson | 03/24/08
Mom's basement?  zkiwi | 03/24/08
Is Jet part of Office or Windows?  cquirke | 03/24/08
RE: Microsoft confirms Word attacks  cdmsr | 03/24/08
RE: Microsoft confirms Word attacks  Verticity1 | 03/25/08
RE: Microsoft confirms Word attacks  arslanhassan999@... | 03/25/08
