Threat Center Security News Get Your Office Patch ASAP!
Get Your Office Patch ASAP! Print E-mail
Written by Rebecca Mints   
Monday, 31 March 2008 15:00
According to a security company, malicious code that targets a recently patched vulnerability in Microsoft Corp.'s Office suite has gone public. Users are instructed to update their patches immediately. The patch that addresses the flaws was issued by Microsoft on March 11th in its MS08-016 four bulletin security update. The malicious code has been posted to the Milw0rm.com Web site.

According to Anthony Roe of Symantec Corp. "The exploit that is currently available uses a PowerPoint file to leverage the vulnerability on Office XP SP3. The payload is designed to execute the 'calc.exe' calculator program on Windows. However, it will not be difficult to modify this exploit to add a malicious payload."

The "Microsoft Office File Memory Corruption Vulnerability" is triggered by the rigged Powerpoint file, which is one of the two vulnerabilities fixed by MS08-016. Per Microsoft this is a "critical" flaw for Office 2000 users and "important" for users of Office XP and Office 2003 running Windows and Office 2004 for Mac. It should be noted that, according to Microsoft, a successful attack may lead to the attacker being able to relinquish control of the machine from the owner.

The standard methods of attack are to trick a user into visiting a Web site that hosts a specially rigged file or getting users to open emails containing the malicious files.

"Customers are strongly advised to install the patches from the bulletin MS08-016 if they are not installed already, especially considering the availability of this exploit," said Roe.


REFERENCES:
Computerworld
Office exploit hits the street
 

WTW Threat Level