No announcement yet.

Critical vulnerabilities in SAV and Word

  • Filter
  • Time
  • Show
Clear All
new posts

  • Critical vulnerabilities in SAV and Word

    Ugh, was posting this last night and I guess I ever finished...,aid,125901,00.asp
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
    [ redacted ]

  • #2
    Then it's a good thing I use BitDefender and OpenOffice
    Originally posted by Gobniu
    Originally posted by skroo
    "The UK Government is preparing to give the police the authority to force organisations and individuals to disclose encryption keys, a move which has outraged some security and civil rights experts."
    Now I know why the founding fathers chose French ideas


    • #3
      A newly discovered vulnerability in Microsoft Word XP and Word 2003 allows malicious hackers to mount Trojan-based attacks through e-mail attachments, establishing a backdoor that allows them to control compromised Windows PCs. According to security experts, files containing the Mdropper-H and Backdoor-Ginwui Trojans have begun to circulate on the Internet.
      Hmm... E-mail attachments? Since when has Word been an e-mail program?
      It seems like the risk is in people opening word(.doc)-attachments in their little office program: Outlook?
      I also use Open Office, but it has a word-importer? You'd have to investigate this before feeling so safe, Mr. M...

      Symantec says that the targeted attack can bypass spam filters
      Great... Spam-filters? That's those who deletes stuff people you don't know send?
      Hmm. Bypass? Maybe it's because I'm not a native english speaker, but "bypass" sounds rude and active? I would have said "let it through" or something..?
      Anyway, did they mean firewalls?

      How does it work? Give us some technical details :)


      PS: Isn't VBA disabled due to security reasons in any MS-Office program per some update?


      • #4
        Originally posted by GBHis
        Since when has Word been an e-mail program?
        I can't comment on whether the following actually affects this vulnerability, but...

        If you install both Microsoft Outlook and Microsoft Word, then Outlook will choose to use Word as your email editor. As far as I know, Word does not run in the preview pane (or whatever they call it these days), but if you reply, forward, or even open the email then you have effectively opened the email in Word.

        The reason that I don't know if the above is relevant is that Microsoft passes Word-authored email around in HTML. In other words, the Word vulnerability would have to be present even when opening HTML documents.