Mobile menu

Microsoft Word Vulnerability: Ideas on getting around it?
Thread poster: pzchvpr

pzchvpr  Identity Verified
Local time: 16:17
English to Spanish
+ ...
Dec 19, 2006

There are currently 2 Word vulnerabilities for which there are no patches. Seeing how Word is the most used word processor and how those of us working online and our clients rely on it, has anyone developed a strategy to deal with this security issue?

Below is more information on one of the 2 vulnerabilities. For more information, visit http://isc.sans.org.


Microsoft Word Remote Code Execution (0day)
Affected:
Microsoft Word 2000/2002/2003 and possibly other versions
Microsoft Word X for Mac

Description: A new remote code execution has been discovered in
Microsoft Word. A specially-crafted Word document could
exploit this vulnerability to execute arbitrary code with the privileges
of the current user. Note that Word documents do not open without
prompting on all versions of Word after Word 2000. A proof-of-concept
for this vulnerability is publicly available.

Status: Microsoft has not confirmed, no updates available.

Council Site actions: All of the reporting council sites are waiting
on an update and confirmation from Microsoft. Several sites have issued
warnings to their users regarding the receipt of unsolicited or
unexpected Word documents, especially from unknown sources.


Direct link Reply with quote
 

Vito Smolej
Germany
Local time: 21:17
Member (2004)
English to Slovenian
+ ...
Bill is my shepard - I shall not want Dec 19, 2006

pzchvpr wrote:
There are currently 2 Word vulnerabilities for which there are no patches.


if Microsoft themselves does not provide the patch, the only resolution is abstinence. Can you afford it?

For above-normal-level-paranoid:

http:/www.openoffice.org


Regards

smo

[Edited at 2006-12-19 19:52]


Direct link Reply with quote
 

pzchvpr  Identity Verified
Local time: 16:17
English to Spanish
+ ...
TOPIC STARTER
I use OpenOffice... but my clients don't Dec 19, 2006

smo,

I have stopped using Word myself to avoid sending out that kind of document, but my clients are not often open to the idea. I shudder every time I get an email from them that has a Word attachment. I have advised them about using an alternative but the security talk goes right over their heads.

Thanks for spreading the word about OpenOffice though. They are good people!

Charlotte


Direct link Reply with quote
 
esperantisto  Identity Verified
Local time: 23:17
Member (2006)
English to Russian
+ ...
Then use (and require from your clients) RTF Dec 20, 2006

hostile macros (viruses) normally can't survive in RTF, so, insist that clients use it.

Direct link Reply with quote
 


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

Microsoft Word Vulnerability: Ideas on getting around it?

Advanced search






PerfectIt consistency checker
Faster Checking, Greater Accuracy

PerfectIt helps deliver error-free documents. It improves consistency, ensures quality and helps to enforce style guides. It’s a powerful tool for pro users, and comes with the assurance of a 30-day money back guarantee.

More info »
Wordfast Pro
Translation Memory Software for Any Platform

Exclusive discount for ProZ.com users! Save over 13% when purchasing Wordfast Pro through ProZ.com. Wordfast is the world's #1 provider of platform-independent Translation Memory software. Consistently ranked the most user-friendly and highest value

More info »



All of ProZ.com
  • All of ProZ.com
  • Term search
  • Jobs