TECHNOLOGY
- Infrastructure
  - Network
  - Security
    - Virus
    - Intruder
    - Spyware
    - Spam
    - Theft
    - Disaster Recovery
    - Privacy
  - Client
    - Desktop
    - Laptop
    - PDA
  - Server
    - Load Balancing
  - Mobile
  - Operating Systems
    - Windows
    - Linux
    - Mac
    - Unix
    - Other
  - Data Center
  - Virtualization
- Applications
  - ERP
  - CRM
  - BI
  - BPM
  - KM
  - SCM
  - RFID
  - Middleware/EAI
  - Portals
    - B-to-B
    - Consumer
  - Inventory Management
  - Databases
  - Document Management
  - E-Business
  - Data Warehouse
- Development
  - Open Source
  - Eclipse
  - Java
  - .NET
  - Agile
  - Web Services
- Architecture
  - SOA
  - Enterprise Architecture
LEADERSHIP

IT DRILLDOWN

NEWSLETTERS

CIO.com updates, insights and advice on technology, management and your career.

LEADERSHIP

CIO Executive Programs

The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

CIO Executive Council

A Peer-Advisory Service and Professional Association for CIOs

Social Responsibility's Strategic Benefits

December 15, 11:30 AM - 12:30 PM US/Eastern (GMT-5)

Join Ed Granger-Happ, CIO of Save the Children, for a discussion of how creating an organization that is socially responsible improves staffing, retention, leadership development and overall corporate health.

Working With and Communicating to Your Board of Directors

January 13, 2009, 4:00 PM - 5:00 PM US/Eastern (GMT-5)

CIO panelists who will share tips and experiences working with their boards: Twila Day of SYSCO; Jeff O'Hare, West Corp.; Marc West, formerly with H&R Block.

IT's Role in Growing Mid-Market Companies

January 14, 4:00 PM - 5:00 PM ET (GMT-5)

Mid-market Council members will share their companies' stories and challenges in driving or coping with growth. Panelists represent Veterinary Pet Insurance, Medicis Pharmaceutical, and Intrax Cultural Exchange.

More / Register »

Learn more about the CIO Executive Council »

RESOURCE CENTER

buy a link »

SUBSCRIBE TO CIO

Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

Subscription Services »

News

Attack Code Posted for Microsoft Works Bug

Leave a comment

By Robert McMillan

February 13, 2008 — IDG News Service —

Just one day after Microsoft issued a massive set of security patches for its software, hackers have begun posting code showing how to exploit one of the flaws.

The proof-of-concept code, posted Wednesday to the Milw0rm Web site, exploits a bug in the Microsoft Works file converter software that is part of Office 2003 and can be used to run unauthorized software on a victim's computer.

The flaw also affects Works 8 and Works Suite 2005. To fall prey to the attack, a victim would first have to open a malicious Works attachment.

Hackers have uncovered many of these file-format bugs in recent years and they are generally not used in widespread attacks. In fact, security vendor Symantec predicts that we'll see fewer of these attacks in the months ahead as online criminals increasingly rely on browser bugs to do their dirty work.

"The bad guys, they're looking for different ways to trick people," said Wayne Periman, director of development with Symantec Security Response. "The popular method of choice is to exploit plugins in browsers right now."

Still, Periman expects criminals to try out this latest attack code. "It's so simple," he said. "All you have to do is get someone to open the document."

As of Wednesday, Symantec had not seen any signs of attackers taking advantage of any of the flaws that Microsoft fixed this week.

The software vendor released 11 sets of patches this week, fixing 17 flaws in its products, but this is the first exploit code to pop up following Tuesday's updates. A second program exploiting one of these vulnerabilities -- this one in an ActiveX control used by the Visual FoxPro database -- was posted to Milw0rm in September, months before Microsoft patched the issue.

Copyright © 2008 IDG News Service. All rights reserved. IDG News Service is a trademark of International Data Group, Inc.

Email

Print

Share [+]

RELATED ARTICLES

TOOLS

Comments

LinkedIn

Email

RELATED

WHITE PAPERS

Operational Excellence Is Key to Maximizing IT Investments

Learning from BPM Leaders

Optimizing Infrastructure Control

File Integrity Monitoring: Secure Your Virtual and Physical IT Environments

Configuration Assessment: Choosing the Right Solution

Effective Security with a Continuous Approach to ISO 27001 Compliance

WEBCASTS

Data Protection: Challenges for the Traveling User

Revolutionizing Endpoint Security with a Single Agent

Gartner on Data Deduplication Cost Savings

Optimizing Wide-Area Data Services Webcast

Dashboard Strategies for Business Users

Raising the Bar on Business Service Delivery: Best Practices in Application Performance

Resource Alerts

Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.

Tight Budgets Favor Low-End Servers

Could Your Web Surfing Be Greener?

New Microsoft Cashback Deal Follows Outage

High Court Narrows Penalty Against Qualcomm

Major E-Stores Malfunction on Black Friday and Cyber Monday

Clearwire, Sprint Close WiMax Deal

Netbooks: Small, Cheap -- and Fast?

Clearwire, Sprint Close WiMax Deal

'Social Mobile' Applications: the Missing Book

Vista SP2 Due Next April, Says Report

ABCs

How To Do Nearly Anything

Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.

Over 25 tutorials on everything from business intelligence to virtualization.

WHITE PAPERS

Operational Excellence Is Key to Maximizing IT Investments

Learning from BPM Leaders

Optimizing Infrastructure Control

File Integrity Monitoring: Secure Your Virtual and Physical IT Environments

Configuration Assessment: Choosing the Right Solution

Effective Security with a Continuous Approach to ISO 27001 Compliance

A Study in Critical Success Factors for SOA

The Move Toward ITSM Mobilization

Check Point Endpoint Security - Unifying Essential Components

The Handbook of Application Delivery: Everything You Wanted to Know but Didn't Know You Needed to Ask

The CIO's Guide to Mobile Applications

Oklahoma County Sheriff's Office Case Study

Leveraging Two-Factor Authentication to Provide Secure Access to Corporate Resources from BlackBerry Devices

JJ Barnicke Limited Case Study

HJ Heinz Case Study

California Transplant Donor Network Case Study

Determining the Return on Investment of Web Application Acceleration Managed Services

Fulfilling Remote Access Strategies by Transforming the Internet into a Business-Grade Application Delivery Platform

Akamai Helps Improve Web-Enabled SAP Performance

More White Papers »

FEATURED SPONSORS

SPONSORED LINKS

Operational Excellence Is Key to Maximizing IT Investments

Data Protection: Challenges for the Traveling User

Check Point Endpoint Security - Unifying Essential Components

Learn how the new Quad-Core AMD Opteron™ processor improves performance

Determine the ROI of Web Application Acceleration Managed Services

Achieve a 50:1 Data Deduplication Ratio

State of the Market: Application Performance Management

Proactively Identify and Resolve Performance Issues

Union Bank of California Improves its Online Banking Services

The Link Between APM and Customer Satisfaction

Providing Around-the-Clock Customer Satisfaction

Explore the value of bringing better BI to business users through dashboards.

The ECM Paradox: Extending Local Flexibility to Strengthen Central Control

Grassroots Data Governance with SAP MDM

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

A Guide to Understanding Hosted and Managed Messaging

Google Apps Premier Edition Helps Indoff Manage E-mail More Effectively

CapGemini Cut Call Center Costs with Google Apps Premier Edition

Comprehensive Review of Security and Vulnerability Protections for Google Apps

Web 2.0 The New Face of the Web

Information Agenda - An innovative approach to transforming business information

Live Webcast - Ensuring Business Services Delivery

The Case for Business Software Assurance ~ Securing Your Applications

Efficient by design: Watch this flash demo of the Quad-Core AMD Opteron Processor

HP and Oracle deploy unbreakable computing infrastructure at Replacements, Ltd.

Learning from BPM Leaders

Revolutionizing Endpoint Security with a Single Agent

The Handbook of Application Delivery: Everything You Wanted to Know but Didnt Know You Needed to Ask

Improve Web-Enabled SAP Performance

Gartner on Data Deduplication Cost Savings

Data Protection Options Explained

Effectively Managing High-Performing, Business-Critical Web Applications

Managing Service Level Agreements to Achieve Business Goals

APM Solutions: A Window into Complex Web Applications

APM Solutions Offer Insight into Complex Web Applications

White Paper: Learn how wide-area data services accelerate applications

Gap Analysis: The Case for Data Services

Learn how Technology Escrow provides access to critical application source code

Information Security: Data Drains and How to Prevent Loss

Best Practices in Choosing and Consuming Managed Security Services

A Guide to Messaging Archiving

2008 Google Communications Intelligence Report

The Impact of Messaging and Web Threats

Comparing Google and Other Leading Messaging Security Solutions

Mission Impossible: Building the Right Project Metrics

"Enterprise-Proven" is the Prerequisite for Enterprise SaaS Portal Solutions

A New Model of Business Intelligence

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Renowned Engineering Institution Chooses AMD Processor-Based Servers

Predict the future with HP Insight Power Manager

© 1994 - 2008 CXO Media Inc. An International Data Group(IDG) Company