News Blog Subscribe to News Blog
March 24, 2008 8:11 AM PDT

Microsoft probes Word flaw that permits targeted attacks

Posted by Martin LaMonica

Microsoft is looking into a vulnerability that could affect Word, the company said Monday.

Overall, Microsoft said, it believes the vulnerability's risk is limited because its requires people to take multiple steps for the hack to be successful. Microsoft said it is only aware of targeted attacks that take advantage of the flaw.

The vulnerability is in Microsoft's Jet Database engine, which can be exploited through Word. Microsoft is investigating whether other applications can also exploit the vulnerability.

According to Microsoft's security alert:

Customers running Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1 are not vulnerable to the buffer overrun being attacked, as they include a version of the Microsoft Jet Database Engine that is not vulnerable to this issue.

Customers using Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007, and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1 are vulnerable to these attacks.

People who believe they have been attacked can go to the Microsoft Web site for support.

Recent posts from News Blog
Facebook CTO to leave company
Nvidia CEO denies buyout of Via
Stolen Mac helps nab burglary suspects
Flaw turns Gmail into spamming machine
Facebook borrows $100 million
Add a Comment (Log in or register) 4 comments (Page 1 of 1)
Correction
by rmva March 24, 2008 8:50 AM PDT
"Customers running Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1 are not vulnerable to the buffer overrun being attacked, as they include a version of the Microsoft Jet Database Engine that is not vulnerable to this issue."
Reply to this comment
It would be helpful to most readers
by suyts March 24, 2008 10:30 AM PDT
to specifically list WHAT "steps" are involved in allowing a hack to be successful.
Reply to this comment
typical
by Dalkorian March 24, 2008 2:28 PM PDT
Let me get this straight. Word, which is (supposed to be) a word processing application can be used to attack the database engine? We *MUST* be talking about M$ here, not because of the names of the programs but because of the simple ridiculousness of a database engine being so vulnerable to attack that you can use a word processor to do it! What were these monkeys smoking when they wrote this trash anyway?
Reply to this comment View reply
Powered by Jive Software
advertisement
Click Here

  • About News Blog

  • Recent posts on technology, trends, and more.

Add this feed to your online news reader
Google
Yahoo
MSN

News Blog topics

Latest from News.com

Featured blogs

Beyond Binary by Ina Fried A look at how technology is changing our lives and at the people behind all that life-changing stuff.

Coop's Corner by Charles Cooper Charles Cooper weighs in on Silicon Valley hijinks, and he doesn't suffer fools gladly.

Defense in Depth by Robert Vamosi Covering the latest in computer viruses and computer crime.

Geek Gestalt by Daniel Terdiman At the tech culture nexus of video games, fire art, and virtual worlds.

Green Tech Fresh green tech news and commentary.

One More Thing by Tom Krazit Tom Krazit takes on the tech phenomenon that is Apple, and keeps a close watch on the chip industry.

Outside the Lines by Dan Farber When business and technology meet, that's when things get interesting.

The Iconoclast by Declan McCullagh Exploring the intersection of politics and technology.

The Social by Caroline McCarthy Exploring all facets of social media and tech culture.

Underexposed by Stephen Shankland Coverage of digital photography, science, and open-source software.

advertisement
Welcome (log out) |View profile
Log in | Sign up Why join?
On CHOW: Does drinking ice water burn calories?
Advanced
search
advertisementUnlimited long distance $24.99/mo
Advanced
search
Visit other CNET Networks sites: