Symantec Warns of New Zero-Day Word Attack Jan 27, 2007
Hackers are exploiting a new, unpatched vulnerability in Microsoft Word that could allow them to take control of a victim's computer, Symantec has warned. The zero-day vulnerability is the fourth in Microsoft's widely-used Word 2000 software that has not yet been patched, the security company said in its Security Response Warning. A zero-day vulnerability refers to a security hole for which exploits are already available when it was discovered. This latest one affects most versions of Windows running Word, Symantec's advisory said. Danish security vender Secunia ApS also reported the vulnerability, and rated it as "extremely critical," its highest-level warning. Microsoft, however, said the attacks are "very limited." The attack comes via an infected Word document , a method increasingly used by hackers for targeted attacks. If the document is opened, it installs a Trojan horse program, called Trojan.Mdropper.W, onto the computer, Lau wrote. The Trojan also puts other files on a computer that enable a hacker to control it. Microsoft released three sets of critical patches on Jan. 9, including ones for Outlook, PowerPoint and Windows, but not for Word. Word Widely Used Users can avoid trouble by not opening unexpected Word documents attached to e-mail. Hackers often spam out thousands of messages with harmful attachments, such as Trojan horse programs , hoping unsuspecting victims will open them. Trojans often look harmless and can quietly install themselves on a computer with no visible signs. The use of Word to mount an attack can be particularly effective since the file format is so widely used. http://www.pcworld.com/article/id,128666-pg,1/article.html Vikas Kapoor, MSN ID: [EMAIL PROTECTED] Yahoo ID: [EMAIL PROTECTED] Skype ID: dl_vikas Mobile: (+91) 9891098137. To unsubscribe send a message to [EMAIL PROTECTED] with the subject unsubscribe. To change your subscription to digest mode or make any other changes, please visit the list home page at http://accessindia.org.in/mailman/listinfo/accessindia_accessindia.org.in
