"Microsoft is investigating a new report of limited “zero-day†attacks using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.
In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker.
As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources."
Is something to worry about working with .doc files in NeoOffice?
Joined: May 25, 2003 Posts: 4752 Location: Santa Barbara, CA
Posted: Wed Dec 06, 2006 7:33 pm Post subject:
It appears from the referenced Microsoft document that this is a buffer overflow attack on Word. As OpenOffice.org and NeoOffice do not use any code from Microsoft Word, the chances of an identical buffer overflow attack are slim.
Buffer overflow attacks are nothing new; this isn't the first and it won't be the last and there are many potential candidates.
The new "zero-day" sensationalist buzzword antivirus vendors and media attach to any unpatched flaw these days is annoying. There are millions of these things probably in just about every piece of software and they're not going to go away anytime soon.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You cannot download files in this forum