iTnews
  • Home
  • News
  • Technology
  • Security

Third attack hits Microsoft Word

By Shaun Nichols
Dec 19 2006 9:17AM
Follow google news

Three's company for text editor flaws.

Third attack hits Microsoft Word
Attackers have started exploiting a new vulnerability in Microsoft Word, security vendor eEye disclosed on its Zero-day Tracker website. The vulnerability is the third active Word exploit to surface in two weeks.  

Microsoft has not confirmed the vulnerability, but a spokesman told vnunet.com that the company is investigating the reports. 

The vulnerability could allow for remote code execution, allowing an attacker to take control of a vulnerable system and steal information or install malware.

The flaw affects Word 2000, Word XP, Word 2003 and Word Viewer 2003. Microsoft also said that it has received reports of Word v.X for Mac being vulnerable to the exploit, but could not confirm the reports.

Security company Secunia lists the vulnerability as 'highly critical', the firm's highest level of security alert. 

The US Computer Emergency Readiness Team (US-Cert) said that the exploit is launched when a user opens a specially crafted Word document. 

The organisation recommends that users avoid opening any Word document that originates from untrusted sources, or files that arrive unexpectedly from trusted sources.

US-Cert also warned that filtering files by extension name (such as .doc) may not protect users from attack, because Word will open files with the correct file header information regardless of the extension name.

If confirmed, this will be the third active exploit to be released for Microsoft Word since 6 December. Neither of the other two Word vulnerabilities were addressed in last Tuesday's security patch release from Microsoft.

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
attackhitsmicrosoftsecuritythirdword

Related Articles

  • Meta accuses NSO Group of violating court order by WhatsApp spear phishing Meta accuses NSO Group of violating court order by WhatsApp spear phishing
  • Researchers build self-replicating AI worm with BYO LLM Researchers build self-replicating AI worm with BYO LLM
  • Anthropic opens Claude Mythos Preview AI program to Australia Anthropic opens Claude Mythos Preview AI program to Australia
  • Defence says Palantir is "sandboxed" in its environment Defence says Palantir is "sandboxed" in its environment
Join our WhatsApp Channel

Partner Content

From test case to control tower: How DXC and ServiceNow are governing enterprise AI at scale
Promoted Content From test case to control tower: How DXC and ServiceNow are governing enterprise AI at scale
Take control of your connectivity with Telstra’s Adaptive Networks Centre
Partner Content Take control of your connectivity with Telstra’s Adaptive Networks Centre
You meet the security standard. Shame no one can see it
Promoted Content You meet the security standard. Shame no one can see it
Onel Consulting Strengthens Its White-Glove Services With Strategic COO Appointment
Promoted Content Onel Consulting Strengthens Its White-Glove Services With Strategic COO Appointment

Sponsored Whitepapers

Agile in the AI Era: why projects still fail
Agile in the AI Era: why projects still fail
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
High-volume data sources for AI-driven security analytics
High-volume data sources for AI-driven security analytics
How healthcare organisations can get more value from cloud
How healthcare organisations can get more value from cloud
1 in 3 companies lose SaaS data. Here’s how to prevent it
1 in 3 companies lose SaaS data. Here’s how to prevent it

Events

  • iTnews State of Security Breakfast iTnews State of Security Breakfast
  • iTnews State of Data & AI Breakfast iTnews State of Data & AI Breakfast
  • The 2026 iAwards The 2026 iAwards
  • Integrate 2026 Integrate 2026
  • Security Exhibition & Conference Security Exhibition & Conference
Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Anthropic opens Claude Mythos Preview AI program to Australia

Anthropic opens Claude Mythos Preview AI program to Australia
Defence says Palantir is "sandboxed" in its environment

Defence says Palantir is "sandboxed" in its environment
Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
Microsoft backs down on legal threats against 0day disclosing researchers

Microsoft backs down on legal threats against 0day disclosing researchers
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.