Software // Information Management
05:40 PM
Connect Directly

Microsoft's Latest Word Exploit Was Made On A Mac

Symantec researchers said they were tipped off when they realized the malware document wasn't in OLE format.

When Tuesday is patch day, Microsoft's monthly vulnerability fixing ritual, Wednesday almost certainly becomes exploit day.

So it was yesterday, when Symantec security researchers reviewed a Microsoft Word document that caused the application to crash when opened. That's because the Word file contained exploit code and other malware.

What's different about this particular exploit is that it was made on a Macintosh computer.

"We tried using various combinations of Word versions, patches, and languages, and in each case (with the exception of Office 2007), opening the document would cause Word to crash," said Orla Cox, a Symantec Security Response engineer, in a blog post. "After taking a closer look, we could see that the document contained shell code and three other pieces of malware. What was interesting about the document was that it wasn't in OLE format, meaning that it wasn't a standard Microsoft Office document. After some investigation we determined that the document had actually been created using Word for Macintosh."

Microsoft Security Bulletin MS07-060, issued on Tuesday, identifies a Word memory corruption vulnerability in Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, and Microsoft Office 2004 for Mac that could allow code to be executed by a remote attacker.

"It seems that the trend for exploiting vulnerabilities around the same time as Patch Tuesday continues," said Cox, noting that Microsoft itself had confirmed the existence of this exploit in the wild.

Ben Greenbaum, senior researcher at Symantec Security Response, said the fact that the exploit was created on a Mac wasn't really relevant and didn't demonstrate any inherent weakness in the Mac platform with regard to security. In fact, he said that using a Mac version of Microsoft Word served to limit the effectiveness of the exploit because "many installations in the field won't open the file."

As Cox explained, "The good news is that the default configuration in Microsoft Office 2007 and Office 2003, Service Pack 3, will not allow you to open some older Office file formats, including Office for Macintosh documents."

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of December 7, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program!
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.