More security holes appear in Microsoft Office
In addition to this long list of missing Microsoft patches, there are at least three serious (unpatched) vulnerabilities in the Microsoft Office productivity suite.
On August 12, the same day Microsoft released a slew of Office patches, TippingPoint’s DV Labs published a bare-bones advisory warning about a new high-risk Office flaw that allows code execution attacks.
From the DVLabs pre-patch alert:
- This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
[ SEE: Where on earth are these Microsoft patches? ]
The company also has two additional unpatched Office bugs on its list:
- July 8, 2008: This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
- May 5, 2008: This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Vulnerability discoveries made by TippingPoints DV Labs are different from those purchased by the company’s ZDI (Zero Day Initiative).
[Source: zdnet]
Post a Comment