Sunday, October 14, 2007
Latest Microsoft Software bug has been created on a Mac!
Well one can expect that a day after Microsoft has released a patch the next day there will be some kind of exploit and this time it’s a cracker. Not only has it got a few people perplexed but it does seem that it could have been created on shock horror a Macintosh!!!
According to website information week (http://www.informationweek.com/news/showArticle.jhtml?articleID=202401683) Microsoft Security Bulletin MS07-060, issued on Tuesday, identifies a Word memory corruption vulnerability in Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, and Microsoft Office 2004 for Mac that could allow code to be executed by a remote attacker.
According to the team at Symantec "We tried using various combinations of Word versions, patches and languages, and in each case (with the exception of Office 2007) opening the document would cause Word to crash," said Orla Cox, a Symantec Security Response engineer, in a blog post. "After taking a closer look, we could see that the document contained shell code and three other pieces of malware. What was interesting about the document was that it wasn't in OLE format, meaning that it wasn't a standard Microsoft Office document. After some investigation we determined that the document had actually been created using Word for Macintosh."
According to website information week (http://www.informationweek.com/news/showArticle.jhtml?articleID=202401683) Microsoft Security Bulletin MS07-060, issued on Tuesday, identifies a Word memory corruption vulnerability in Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, and Microsoft Office 2004 for Mac that could allow code to be executed by a remote attacker.
According to the team at Symantec "We tried using various combinations of Word versions, patches and languages, and in each case (with the exception of Office 2007) opening the document would cause Word to crash," said Orla Cox, a Symantec Security Response engineer, in a blog post. "After taking a closer look, we could see that the document contained shell code and three other pieces of malware. What was interesting about the document was that it wasn't in OLE format, meaning that it wasn't a standard Microsoft Office document. After some investigation we determined that the document had actually been created using Word for Macintosh."
# posted by Peter Saville - IT Consultant @ 5:15 AM 
