Microsoft Word Vulnerability: Ideas on getting around it?
Thread poster: pzchvpr

pzchvpr  Identity Verified
Local time: 08:51
English to Spanish
+ ...
Dec 19, 2006

There are currently 2 Word vulnerabilities for which there are no patches. Seeing how Word is the most used word processor and how those of us working online and our clients rely on it, has anyone developed a strategy to deal with this security issue?

Below is more information on one of the 2 vulnerabilities. For more information, visit http://isc.sans.org.


Microsoft Word Remote Code Execution (0day)
Affected:
Microsoft Word 2000/2002/2003 and possibly other versions
Microsoft Word X for Mac

Description: A new remote code execution has been discovered in
Microsoft Word. A specially-crafted Word document could
exploit this vulnerability to execute arbitrary code with the privileges
of the current user. Note that Word documents do not open without
prompting on all versions of Word after Word 2000. A proof-of-concept
for this vulnerability is publicly available.

Status: Microsoft has not confirmed, no updates available.

Council Site actions: All of the reporting council sites are waiting
on an update and confirmation from Microsoft. Several sites have issued
warnings to their users regarding the receipt of unsolicited or
unexpected Word documents, especially from unknown sources.


Direct link Reply with quote
 

Vito Smolej
Germany
Local time: 14:51
Member (2004)
English to Slovenian
+ ...
Bill is my shepard - I shall not want Dec 19, 2006

pzchvpr wrote:
There are currently 2 Word vulnerabilities for which there are no patches.


if Microsoft themselves does not provide the patch, the only resolution is abstinence. Can you afford it?

For above-normal-level-paranoid:

http:/www.openoffice.org


Regards

smo

[Edited at 2006-12-19 19:52]


Direct link Reply with quote
 

pzchvpr  Identity Verified
Local time: 08:51
English to Spanish
+ ...
TOPIC STARTER
I use OpenOffice... but my clients don't Dec 19, 2006

smo,

I have stopped using Word myself to avoid sending out that kind of document, but my clients are not often open to the idea. I shudder every time I get an email from them that has a Word attachment. I have advised them about using an alternative but the security talk goes right over their heads.

Thanks for spreading the word about OpenOffice though. They are good people!

Charlotte


Direct link Reply with quote
 
esperantisto  Identity Verified
Local time: 15:51
Member (2006)
English to Russian
+ ...
Then use (and require from your clients) RTF Dec 20, 2006

hostile macros (viruses) normally can't survive in RTF, so, insist that clients use it.

Direct link Reply with quote
 


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

Microsoft Word Vulnerability: Ideas on getting around it?

Advanced search






Protemos translation business management system
Create your account in minutes, and start working! 3-month trial for agencies, and free for freelancers!

The system lets you keep client/vendor database, with contacts and rates, manage projects and assign jobs to vendors, issue invoices, track payments, store and manage project files, generate business reports on turnover profit per client/manager etc.

More info »
memoQ translator pro
Kilgray's memoQ is the world's fastest developing integrated localization & translation environment rendering you more productive and efficient.

With our advanced file filters, unlimited language and advanced file support, memoQ translator pro has been designed for translators and reviewers who work on their own, with other translators or in team-based translation projects.

More info »



All of ProZ.com
  • All of ProZ.com
  • Term search
  • Jobs