09 March 2007

Beware Word docs: New bug crashes Windows XP, 2000

"March 08, 2007 (Computerworld) -- Microsoft is investigating a Windows bug that can crash PCs, requiring users to reboot. All unsaved data would be lost.

Attackers can exploit the OLE32.DLL vulnerability by crafting a malicious Word document, then duping users into downloading the document or opening it when it arrives via e-mail. Software that's linked to OLE32.DLL, such as the Windows Explorer file navigator, will crash, said Symantec.

The flaw affects Windows XP and Windows 2000.

Microsoft did not promise it would issue a patch, much less offer a timetable. Until a fix is in place, Symantec and US-CERT recommended that users not open unfamiliar or unexpected Office documents. US-CERT also warned that filtering for standard Office file extensions -- .doc for Office, .xls for Excel, for example -- isn't smart. "In most cases, Windows will call Office to open a document even if the document has an unknown file extension," US-CERT said."

Click on the link below for the full article:


No comments: