MS Office affected by more and more zero day vulnerabilities

Not even a month had passed since Symantec reported that Word is the target of Internet attacks, due to one critical ("zero-day") vulnerability, that yet another sign of weakness hits Microsoft's products.

On May 20, Symantec reported that they had discovered a zero-day exploit in the popular text editor Word, which affected editions 2000, 2003 and XP. The exploit allowed the hacker to take control over a machine by introducing through that vulnerability a trojan called Backdoor.Ginwui. The trojan was very dangerous since it was able to pass through various spam filters and since Symantec recognized that its main product, "Norton Anti-Virus", was not as capable of detecting specific malicious Word files.

And now a new vulnerability hits another important program from the Office suite, Excel. The unfortunate event comes only a couple of days later after Microsoft patched Word's vulnerability. The wierd thing is that Excel suffers from almost the same weakness: a machine can be infected if a na´ve user opens an infected Excel document that comes as an attachment to an e-mail. Microsoft Office affected by more and more zero-day vulnerabilities - Tech News - - Science & Technology

Linked by shanmuga Sunday, 18th June 2006 11:24PM