MS Word Security Flaw Reported - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

MS Word Security Flaw Reported

A flaw in Microsoft Word 2000, and possibly Word 2002, could be used by hackers to crash PCs or run other code on the compromised machine.

A flaw in Microsoft Word 2000, and possibly Word 2002 as well, could be used by hackers to crash PCs or perhaps run other code on the compromised machine, a security firm said Thursday.

According to an alert from Copenhagen-based Secunia, the bug in Word stems from an input validation error within the parsing of document files, and if exploited could cause a stack-based buffer overflow that in turn leads to a denial-of-service (DoS) and a crash.

The bug has been confirmed in Word 2000, but also reported (though not confirmed) in Word 2002, the version in Office XP.

"Due to the nature of the problem, execution of arbitrary code may potentially also be possible, though it has not been proven," Secunia's alert read.

Hackers could send specially-crafted documents as attachments, or entice users to malicious Web site where bad Word docs lie in wait. Unless the security level of Internet Explorer is set to "High" or the "File download" setting has been disabled, said Secunia, users clicking on Word doc links at a Web site could be at risk.

The security firm rates the bug as "Highly Critical." A patch for the problem is not yet available from Microsoft.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Pandemic Responses Make Room for More Data Opportunities
Jessica Davis, Senior Editor, Enterprise Apps,  5/4/2021
10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Transformation, Disruption, and Gender Diversity in Tech
Joao-Pierre S. Ruth, Senior Writer,  5/6/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll