Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security US-CERT-Alerts
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

US-CERT Cyber Security Alert SA06-139A -- Microsoft Word Vulnerability

from [US-CERT Alerts] Network Security [Permanent Link]
Subject: US-CERT Cyber Security Alert SA06-139A -- Microsoft Word Vulnerability
Date: Fri, 19 May 2006 22:07:39 -0400 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                     National Cyber Alert System

                   Cyber Security Alert SA06-229A


Microsoft Word Vulnerability

   Original release date: May 19, 2006
   Last revised: --
   Source: US-CERT


Systems Affected

     * Microsoft Word 2003
     * Microsoft Word XP (2002)

   Microsoft Word is included in Microsoft Works Suite and Microsoft
   Office. Other versions of Word and other Office programs may also
   be affected.


Overview

     A vulnerability in Microsoft Word could allow an attacker to gain
     control of your computer.


Solution

Do not open untrusted Word documents

     At the time of writing, an update is not available. Do not open
     unfamiliar or unexpected Word or other Office documents,
     including those received as email attachments or hosted on a web
     site. Please see US-CERT Cyber Security Tip ST04-010 for more
     information.


Description

     An attacker could exploit a vulnerability in Microsoft Word by
     convincing a user to open a specially crafted Word document. The
     Word document could be included as an email attachment or hosted
     on a web site. It may also be possible to exploit the
     vulnerability using Word documents embedded in other Office
     documents.

     For more technical information, see US-CERT Technical Alert
     TA06-139A.


References

     * US-CERT Technical Alert TA06-139A -
       <http://www.us-cert.gov/cas/techalerts/TA06-139A.html>

     * Vulnerability Note VU#446012 -
       <http://www.kb.cert.org/vuls/id/446012>

     * Cyber Security Tip ST04-010 -
       <http://www.us-cert.gov/cas/tips/ST04-010.html>

     * Microsoft Security Essentials -
       <http://www.microsoft.com/protect/>


 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/alerts/SA06-139A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT. Please send email to
   <cert@cert.org> with "SA06-139A Feedback VU#446012" in the subject.
 ____________________________________________________________________

   Mailing list information:

     <http://www.us-cert.gov/cas/>
 ____________________________________________________________________

   Produced 2006 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________


Revision History

   May 19, 2006: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRG55i30pj593lg50AQIrcwf/TWbIjKkkOncEHEJ4yqJgSFN9+5BP1kd/
Nh9noh8gwvnV20IL70sgmdd35Q8KflsOVuHCPFNlE2RgiGXp1WQrub2AxWiJ+jQe
t//7bZjAGYDOvnPp5PsF4estqPdsfwWEOM3XvaY5ZgIHYp1UknkLTM9O3hf5gfl2
fYuJ/aR+73z9Udy/r6IaPDenpJ7AKvpvKTbiZ5HZ7F6Ax3s6dY/xANtz71mW+p6L
00Dl+hGIShgemuAkLQ7yYSfjRnmJnh7VqIBm5k6SXAMVAHTI8fmDusDe+JLWZZlF
VDgS/ifQ/kcesQephBD0/ZjQ/y9h1f84hrivanU9AE6z5IQXB8yMMw==
=K0Ch
-----END PGP SIGNATURE-----
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • US-CERT Cyber Security Alert SA06-139A -- Microsoft Word Vulnerability, US-CERT Alerts <=
Previous by Date:  US-CERT Cyber Security Alert SA06-132B -- Apple QuickTime Vulnerabilities, US-CERT Alerts
Previous by Thread:  US-CERT Cyber Security Alert SA06-132B -- Apple QuickTime Vulnerabilities, US-CERT Alerts
Indexes:  [Date] [Thread] [Top] [All Lists]