Darknet - The Darkside » office http://www.darknet.org.uk Ethical Hacking, Penetration Testing & Computer Security Tue, 07 Feb 2012 18:34:17 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Trojan for the Word Vulnerability in the Wild http://www.darknet.org.uk/2006/05/trojan-for-the-word-vulnerability-in-the-wild/ http://www.darknet.org.uk/2006/05/trojan-for-the-word-vulnerability-in-the-wild/#comments Tue, 23 May 2006 03:59:13 +0000 Tiago Faria http://www.darknet.org.uk/2006/05/trojan-for-the-word-vulnerability-in-the-wild/

We all knew it was just a matter of time until the ‘thing’ was out.

PandaLabs has detected the appearance of 1Table.A, a malicious code that exploits a recently detected critical vulnerability in Microsoft Word, and which also affects versions of MS Office 2003 and XP.

Microsoft confirmed today the existence of this vulnerability and apparently is working on a hotfix.

This security problem allows the execution of code on affected systems and, more dangerously, allows the construction of malicious code which is indistinguishable at first glance from a normal Word file.

That’s more than enough to get 70%* of the people who use Microsoft Office to download and execute the file. If they open .BAT, .COM and .EXE, opening a .DOC is everyday work.

This attack is not limited to .DOC files, still, they will be the most used extension. It can take place with a .XLS file with an embedded Word document.

1Table.A – the new trojan – is detected by most of the antivirus software, however, user’s should have they’r eyes open until patch is released by Microsoft (even if they don’t consider it critical)

Source: NHS

* 80% of the statistics are made on the spot!

Digg This Article

Post to Twitter Post to Facebook Post to Google Buzz Post to Delicious Post to Digg Post to Reddit Post to StumbleUpon

]]> http://www.darknet.org.uk/2006/05/trojan-for-the-word-vulnerability-in-the-wild/feed/ 0