PDA

Archiv verlassen und diese Seite im Standarddesign anzeigen : Risiko: MS Office Word 2002 SP 3



purple_rose
09.07.2008, 10:22
Microsoft warnt vor einer Lücke in MS Office Word 2002 SP3.
http://www.microsoft.com/technet/security/advisory/953635.mspx
eine deutsche Erklärung findet sich auf heise
http://www.heise.de/newsticker/Microsoft-warnt-vor-Luecke-in-Word-2002--/meldung/110648

joneum
09.07.2008, 12:46
heute früh wurde folgende Sicherheitsempfehlung veröffentlicht - sie betrifft eine mögliche Schwachstelle in Microsoft Office Word 2002 Service Pack 3. Weitere Infos entnehmt bitte der Mail unten.

Deutsche Informationen findet Ihr in den nächsten Tagen unter:
http://www.microsoft.com/germany/technet/sicherheit/empfehlungen/default.mspx

__________________________________________________ ___
What is the purpose of this alert?
This alert is to notify you that Microsoft has released Security Advisory 953635 - Vulnerability in Microsoft Word Could Allow Remote Code Execution - on 08 July 2008.

Summary

Microsoft is investigating new public reports of a possible vulnerability in Microsoft Office Word 2002 Service Pack 3. Our initial investigation indicates that customers who use all other supported versions of Microsoft Office Word, Microsoft Office Word Viewer, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, and Microsoft Office for Mac are not affected.

At this time, Microsoft is aware of limited, targeted attacks that attempt to use this vulnerability. While Microsoft Office Word 2000 does not appear vulnerable to this issue, Word 2000 may unexpectedly exit when opening a specially crafted .doc file that the attacker is using in an attempt to exploit the vulnerability.

Microsoft is investigating the public reports and customer impact. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Mitigating Factors

* The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.

* An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

* In a Web-based attack scenario, an attacker would have to host a Web site that contains a specially crafted Word file that is used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's site.

Recommendations

Review Microsoft Security Advisory 953635 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQ) and links to additional resources.

Customers in the United States and Canada can receive technical support from Microsoft Customer Service and Support<http://go.microsoft.com/fwlink/?LinkId=21131> (http://go.microsoft.com/fwlink/?LinkId=21131). For more information about available support options, see the Microsoft Help and Support web page<http://support.microsoft.com/> (http://support.microsoft.com/).

International customers can receive support from their local Microsoft subsidiaries. For more information about how to contact Microsoft for international support issues, visit the International support landing page<http://go.microsoft.com/fwlink/?LinkId=21155> (http://go.microsoft.com/fwlink/?LinkId=21155).

Additional Resources

* Microsoft Security Advisory 953635- Vulnerability in Microsoft Word Could Allow Remote Code Execution - http://www.microsoft.com/technet/security/advisory/953635.mspx

* MSRC Blog: http://blogs.technet.com/msrc

Regarding Information Consistency

We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Security Advisories posted to the web are occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in the web-based Security Advisory, the information in the web-based Security Advisory is authoritative.

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

Thank you,
Microsoft CSS Security Team