Read Sean

Read me, read Sean.

posts - 508, comments - 655, trackbacks - 9, articles - 4

[鏈接] Another Zero-Day Vulnerability Has Been Confirmed in MS Word

Posted on 2006-12-06 22:47 laogao 閱讀(1016) 評論(1) 編輯收藏所屬分類: Computer Usage 、Web Clips

http://www.microsoft.com/technet/security/advisory/929433.mspx

大家小心了，不要隨便打開不明來源的Word文檔，尤其是郵件附件或者網(wǎng)上采集的Word格式的文章，目前發(fā)現(xiàn)的這個缺陷在幾乎所有市場上使用的Word版本（2000~2003等等）中都存在。至于何時可以發(fā)布補丁，目前官方還沒有一個正式的時間表。

根據(jù)微軟官方說明，該vulnerability的workaround是：
"Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file." 不要打開不可靠的來源的Word文件，或者可靠的來源但并非預(yù)期會收到的Word文件，該缺陷可以在用戶打開特別制作的Word文件時...blah blah blah

官方建議采取的行動包括：
"We recommend that customers exercise extreme caution when they accept file transfers from both known and unknown sources." 我們建議客戶在接受文件傳輸時要“極端小心”，不論該文件來自認(rèn)識的人或者不認(rèn)識的人。

Fantastic!

建議大家還是在文件傳輸和共享時多多使用PDF或者其他更透明的格式吧。

For those interested, here is the link to an earlier Word vulnerability alert by EWeek:
http://www.eweek.com/article2/0,1895,1965042,00.asp

Feedback

# re: [鏈接] Another Zero-Day Vulnerability Has Been Confirmed in MS Word 回復(fù) 更多評論

2006-12-08 23:50 by 大胃

UPDATE

來自CNET News.com的報道：

No fix yet for zero-day flaw in Word
http://news.com.com/2100-1002_3-6141796.html

新用戶注冊刷新評論列表


只有注冊用戶登錄后才能發(fā)表評論。




網(wǎng)站導(dǎo)航: 博客園 IT新聞 Chat2DB C++博客博問管理
相關(guān)文章: Mac安裝tsocks [RPi] 樹梅派安裝XBMC并讓其支持中文 IntelliJ IDEA 常用快捷鍵 "上海"是如何變成"涓婃搗"的？ [Tips] 如何給SVN資源庫降級 ssh+tsocks - 遠(yuǎn)程辦公利器 [Tips] Emacs字符編碼相關(guān)指令 Ubuntu Karmic安裝手記 - T400s [Tips] DIY制表符鍵自動補全(bash) "已"是如何變成"?·2"的？小記UTF-8編碼

Read Sean

導(dǎo)航

公告

常用鏈接

留言簿(29)

隨筆分類(842)

隨筆檔案(507)

文章檔案(4)

Friends' blogs

搜索

積分與排名

最新評論

閱讀排行榜

評論排行榜

[鏈接] Another Zero-Day Vulnerability Has Been Confirmed in MS Word

Feedback

# re: [鏈接] Another Zero-Day Vulnerability Has Been Confirmed in MS Word 回復(fù) 更多評論