- Servers
- Desktops
- Laptops
- Tablet PCs
- PDAs
- Smart phones
- Digital cameras
- Camcorders
- Printers & multifunction devices
- Scanners
- Copiers
- Monitors & projectors
- Hard drives & burners
- Peripherals
- Productivity
- Accounting & finance
- Data management
- Graphics & publishing
- Web publishing
- Operating systems
- Security & utilities
- Downloads & trial software
- Handheld software
- Instant messaging
- Cell phones & plans
- Voice over Internet
- Telephones
- Routers & gateways
- Wireless networking
- Network adapters
- Internet access
- Web hosting
- Domain search
- Hotspot Zone
- Desktops
- Laptops
- Servers and storage
- PDAs
- Cell phones
- Monitors & projectors
- Printers
- Networking and wireless
- Security and utility software
- Productivity software
- Access, hosting, and services
- All business buying guides
Rob Vamosi's
award-winning
column on Internet threats and how to counter them
Delivered Mondays
CNET Security Center: Your complete source of antivirus and Internet security information.
Unspecified Code Execution Vulnerability in Word 2000
Zero-day exploit targets Microsoft Word 2000 documents.
By Robert Vamosi (September 7, 2006)
There's an unspecified new vulnerability affecting Word 2000 documents running on Windows 2000 systems. Although it's been exploited in the wild, security vendors are downplaying the threat as it is hard to execute on a victim's machine. Nonetheless, Microsoft has issued a Security Advisory for the vulnerablity which allows remote user-assisted attackers to execute arbitrary code on a compromised machine. Various security have identified the Trojans used in such attacks with names including Trojan.Mdropper.Q, Mofei, and Femo.
Zero-day exploit targets Microsoft Word 2000 documents.
By Robert Vamosi (September 7, 2006)
QUICK FACTS
Name: Unspecified Code Execution Vulnerability in Word 2000
Date first reported: 09/5/06
Software vulnerable: Microsoft Word 2000
What it does: Allows remote exploitation of your PC.
Recommendations: Open Word 2000 documents using Microsoft's free Word Viewer 2003.
Exploit code available: Yes
Vendor patch available: No
Date first reported: 09/5/06
Software vulnerable: Microsoft Word 2000
What it does: Allows remote exploitation of your PC.
Recommendations: Open Word 2000 documents using Microsoft's free Word Viewer 2003.
Exploit code available: Yes
Vendor patch available: No
Additional Resources:
- Microsoft info: Security Advisory
- NIST.gov: CVE-2006-4534
- FrSIRT: ADV-2006-3448
- News.com: Word flaw hit with zero-day attack
- Secunia advisory #: 21735
