By Chris Mosby
As Microsoft unveils the latest version of Office — Office 2007 — I take a look at a few flaws that haven’t yet been patched in previous versions.
One of these flaws was recently discovered, and the other is a leftover from last year. Both are continuing the trend of Microsoft Office vulnerabilities that have been showing up for months, with no end in sight.
Another MS Word flaw threatens users
Symantec recently discovered that a Trojan the company calls Trojan.Mdropper.W is using a previously unknown flaw in Microsoft Word 2000. This flaw allows a hacker to run malicious code on a computer when a user opens a Word document specially crafted to exploit the vulnerability.
The execution of malicious code has been confirmed in Word 2000. Some sources have also reported a denial-of-service (DoS) exploit that uses Word XP and Word 2003 to consume all available CPU resources.
Microsoft has acknowledged the flaw in Word 2000 in security advisory 932114. But the company claims that this vulnerability can’t be exploited in any other version of Word. Microsoft doesn’t really consider flaws that cause DoS conditions to be security vulnerabilities, so you aren’t likely to get any info on this exploit’s effects on Word from Redmond. The advisory also says that Microsoft is working on a patch, but it doesn’t give any kind of timeframe for when the patch will be completed.
What to do: Microsoft’s Security Advisory states: "Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file."
This is a good practice when dealing with any e-mail attachments. See the US-CERT Cyber Security Tip ST04-010 for a detailed explanation of why this is necessary.
More information: CVE-2007-0515, Secunia, SecurityFocus, US-CERT, MSRC
PowerPoint still unpatched for DoS
PowerPoint 2003 has a flaw that causes the application to fail to check the input of .ppt files. If a hacker exploits this vulnerability by getting a user to open a specially crafted PPT file, the flaw can cause a DoS. This flaw has been confirmed in Office 2003, but other versions may also be vulnerable.
Microsoft first acknowledged this problem in a Microsoft Security Response Center (MSRC) blog entry on Oct. 12, 2006. That post first reported that the flaw would allow malicious code to run if a user opened a crafted file. Microsoft later retracted this in an MSRC blog post on Nov. 11, 2006, stating that the flaw could only cause a DoS and that the company didn’t consider this to be a security vulnerability.