Read Sean

Read me, read Sean.

posts - 508, comments - 655, trackbacks - 9, articles - 4

[鏈接] Another Zero-Day Vulnerability Has Been Confirmed in MS Word

Posted on 2006-12-06 22:47 laogao 閱讀(1020) 評論(1) 編輯收藏所屬分類: Computer Usage 、Web Clips

http://www.microsoft.com/technet/security/advisory/929433.mspx

大家小心了，不要隨便打開不明來源的Word文檔，尤其是郵件附件或者網上采集的Word格式的文章，目前發現的這個缺陷在幾乎所有市場上使用的Word版本（2000~2003等等）中都存在。至于何時可以發布補丁，目前官方還沒有一個正式的時間表。

根據微軟官方說明，該vulnerability的workaround是：
"Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file." 不要打開不可靠的來源的Word文件，或者可靠的來源但并非預期會收到的Word文件，該缺陷可以在用戶打開特別制作的Word文件時...blah blah blah

官方建議采取的行動包括：
"We recommend that customers exercise extreme caution when they accept file transfers from both known and unknown sources." 我們建議客戶在接受文件傳輸時要“極端小心”，不論該文件來自認識的人或者不認識的人。

Fantastic!

建議大家還是在文件傳輸和共享時多多使用PDF或者其他更透明的格式吧。

For those interested, here is the link to an earlier Word vulnerability alert by EWeek:
http://www.eweek.com/article2/0,1895,1965042,00.asp

Feedback

# re: [鏈接] Another Zero-Day Vulnerability Has Been Confirmed in MS Word 回復 更多評論

2006-12-08 23:50 by 大胃

UPDATE

來自CNET News.com的報道：

No fix yet for zero-day flaw in Word
http://news.com.com/2100-1002_3-6141796.html

新用戶注冊刷新評論列表


只有注冊用戶登錄后才能發表評論。




網站導航: 博客園 IT新聞 Chat2DB C++博客博問管理
相關文章: Mac安裝tsocks [RPi] 樹梅派安裝XBMC并讓其支持中文 IntelliJ IDEA 常用快捷鍵 "上海"是如何變成"涓婃搗"的？ [Tips] 如何給SVN資源庫降級 ssh+tsocks - 遠程辦公利器 [Tips] Emacs字符編碼相關指令 Ubuntu Karmic安裝手記 - T400s [Tips] DIY制表符鍵自動補全(bash) "已"是如何變成"?·2"的？小記UTF-8編碼

Read Sean

導航

公告

常用鏈接

留言簿(29)

隨筆分類(842)

隨筆檔案(507)

文章檔案(4)

Friends' blogs

搜索

積分與排名

最新評論

閱讀排行榜

評論排行榜

[鏈接] Another Zero-Day Vulnerability Has Been Confirmed in MS Word

Feedback

# re: [鏈接] Another Zero-Day Vulnerability Has Been Confirmed in MS Word 回復 更多評論

Read Sean

導航

公告

常用鏈接

留言簿(29)

隨筆分類(842)

隨筆檔案(507)

文章檔案(4)

Friends' blogs

搜索

積分與排名

最新評論

閱讀排行榜

評論排行榜

[鏈接] Another Zero-Day Vulnerability Has Been Confirmed in MS Word

Feedback

# re: [鏈接] Another Zero-Day Vulnerability Has Been Confirmed in MS Word 回復 更多評論

# re: [鏈接] Another Zero-Day Vulnerability Has Been Confirmed in MS Word 回復更多評論