Thread: Recent word exploit also causes problems in OpenOffice
View Single Post
  #1 (permalink)  
Old 12-21-2006, 08:59 PM
MC
Guest
  
Posts: n/a
Default Recent word exploit also causes problems in OpenOffice
Exploit for Word also works with OpenOffice

The exploit for the third unpatched security hole in Word reported last
week also works in OpenOffice 2.1. If a prepared Word document is opened
in OpenOffice Writer under Windows XP SP2, Writer crashes. The dialogue
for document recovery then appears. Under Linux, the application also
crashes, prompting the message that the main memory is full.

It has not yet, however, been demonstrated that code can be injected via
this weak point in OpenOffice. But there are unconfirmed reports that
this is possible. In contrast, the hole in Word is reportedly already
being actively used to infect systems. In a test, Kaspersky's virus
scanner detected the exploit and deleted the file. But not all virus
scanners provide protection from such attacks, as a scan for the
malicious code at Virustotal showed this week.

Not all virus scanners recognize the seven day old exploit.
As of 19-12-2006, the following AV suites detected the exploit:
AntiVir, BitDefender, ClamAV, Fortinet, Ikarus, Kaspersky, McAfee,
Microsoft, NOD and Panda.

Others soon to follow, but extra care should be taken in the meantime.

Related links
http://www.heise-security.co.uk/news/82548
http://blogs.technet.com/msrc/archiv...y-reports.aspx

Reply With Quote