No announcement yet.

Critical vulnerabilities in SAV and Word

  • Filter
  • Time
  • Show
Clear All
new posts

  • Voltage Spike
    Originally posted by GBHis
    Since when has Word been an e-mail program?
    I can't comment on whether the following actually affects this vulnerability, but...

    If you install both Microsoft Outlook and Microsoft Word, then Outlook will choose to use Word as your email editor. As far as I know, Word does not run in the preview pane (or whatever they call it these days), but if you reply, forward, or even open the email then you have effectively opened the email in Word.

    The reason that I don't know if the above is relevant is that Microsoft passes Word-authored email around in HTML. In other words, the Word vulnerability would have to be present even when opening HTML documents.

    Leave a comment:

  • GBHis
    A newly discovered vulnerability in Microsoft Word XP and Word 2003 allows malicious hackers to mount Trojan-based attacks through e-mail attachments, establishing a backdoor that allows them to control compromised Windows PCs. According to security experts, files containing the Mdropper-H and Backdoor-Ginwui Trojans have begun to circulate on the Internet.
    Hmm... E-mail attachments? Since when has Word been an e-mail program?
    It seems like the risk is in people opening word(.doc)-attachments in their little office program: Outlook?
    I also use Open Office, but it has a word-importer? You'd have to investigate this before feeling so safe, Mr. M...

    Symantec says that the targeted attack can bypass spam filters
    Great... Spam-filters? That's those who deletes stuff people you don't know send?
    Hmm. Bypass? Maybe it's because I'm not a native english speaker, but "bypass" sounds rude and active? I would have said "let it through" or something..?
    Anyway, did they mean firewalls?

    How does it work? Give us some technical details :)


    PS: Isn't VBA disabled due to security reasons in any MS-Office program per some update?

    Leave a comment:

  • Mr_Mischif
    Then it's a good thing I use BitDefender and OpenOffice

    Leave a comment:

  • bascule
    started a topic Critical vulnerabilities in SAV and Word

    Critical vulnerabilities in SAV and Word

    Ugh, was posting this last night and I guess I ever finished...,aid,125901,00.asp