Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security US-CERT-Alerts
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

US-CERT Cyber Security Alert SA06-250A -- Microsoft Word Vulnerability

from [US-CERT Alerts] Network Security [Permanent Link]
Subject: US-CERT Cyber Security Alert SA06-250A -- Microsoft Word Vulnerability
Date: Thu, 7 Sep 2006 16:08:18 -0400 


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                     National Cyber Alert System

                   Cyber Security Alert SA06-250A


Microsoft Word Vulnerability

   Original release date: September 7, 2006
   Last revised: --
   Source: US-CERT


Systems Affected

     * Microsoft Word 2000

   Other versions of Word and other Microsoft Office programs may also
   be affected.


Overview

     A vulnerability in Microsoft Word 2000 could allow an attacker to
     gain control of your computer.


Solution

Do not open untrusted documents

     Microsoft has not yet released an update to address this
     vulnerability. Do not open unfamiliar or unexpected Word or other
     Office documents, including those received as email attachments
     or hosted on a web site. For more information, please see Using
     Caution with Email Attachments.


Description

     An attacker could exploit a vulnerability in Microsoft Word 2000
     by convincing a user to open a specially crafted Word document. A
     Word document could be attached to an email message, hosted on a
     web site, or included in another Office document. This
     vulnerability may affect other versions of Word and other
     Microsoft Office programs.

     For more technical information, see Vulnerability Note VU#806548
     and Microsoft Security Advisory (925059).


References

     * Vulnerability Note VU#806548 -
       <http://www.kb.cert.org/vuls/id/806548>

     * Using Caution with Email Attachments -
       <http://www.us-cert.gov/cas/tips/ST04-010.html>

     * Microsoft Security Advisory (925059) -
       <http://www.microsoft.com/technet/security/advisory/925059.mspx>

     * Microsoft Security Essentials -
       <http://www.microsoft.com/protect/>


 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/alerts/SA06-250A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT. Please send email to
   <cert@cert.org> with "SA06-250A Feedback VU#806548" in the subject.
 ____________________________________________________________________

   Mailing list information:

     <http://www.us-cert.gov/cas/>
 ____________________________________________________________________

   Produced 2006 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________


Revision History

   September 7, 2006: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRQB6aexOF3G+ig+rAQL9oAgAvr37d9b0JgIzS2g0ZObcdR4a2pVPS7OG
MOOELtIDTIu3fgxEBZE7V6ouK56uWFDFddw9cnkQ0U6CRWClltLwa8z1i9682l+K
fUSPhfGmD3rTxUwlO4ekJuPbsQIRgbQGo4WYhJ7li1CrJAfCUciK7LYFbSPY4mWJ
Pjprrtno1k57o0mIxiDtU88qcx9Wk7wTirI920fT3JNoaqidV+4+BDYoQh1LSajc
HYdaOEbCYflsw8md7Xxe6RCITnWmAkB00Y9EVinlBWlOGNAohEoId//SQefzlpg1
posJ38Us0Jb2Y73228gKHyz3o+UN+PHRZAYYz5YR6kZJbd5McMCNuw==
=VZwi
-----END PGP SIGNATURE-----
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • US-CERT Cyber Security Alert SA06-250A -- Microsoft Word Vulnerability, US-CERT Alerts <=
Next by Date:  US-CERT Cyber Security Alert SA06-255A -- Microsoft Windows and Publisher Vulnerabilities, US-CERT Alerts
Next by Thread:  US-CERT Cyber Security Alert SA06-255A -- Microsoft Windows and Publisher Vulnerabilities, US-CERT Alerts
Indexes:  [Date] [Thread] [Top] [All Lists]