Microsoft says Word 2000 flaw is limited to DoS attacks

By Dan Kaplan on Feb 13, 2007 6:37 PM
Filed under Applications

A newly reported vulnerability in Word is limited to DoS attacks and does not allow remote code execution, according to Microsoft.

"Denial of service is clearly not as critical as other recent issues," McAfee Avert Labs researcher Craig Schmugar said in a Friday blog post. "Looks like this targeted attack was flawed."

Still, with the latest bug, the total number of unpatched Word vulnerabilities has reached at least five. And on Feb. 2, Microsoft reported a zero-day exploit targeting Excel but potentially affecting other Office components.

This high number of outstanding flaws may change with today’s scheduled monthly security update, in which the software giant is expected to release a record dozen fixes, including two critical Office patches.

Many security experts have predicted Microsoft would release out-of-cycle fixes for the Word flaws since December. But Microsoft, which has only ever released two out-of-band patches, has held off.

Click here to email reporter Dan Kaplan.
Keywords
microsoft, word, 2000, flaw, limited, dos, attacks
Related

What are your thoughts on this article? Add your comment below.

To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.

NOTE: You must be a registered member of SC Magazine to post a comment.

Click here to login | Click here to register
comments powered by Disqus
Sign up to receive SC Magazine email newsletters
   FOLLOW US...
Most Read