Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Tuesday, July 12, 2005

Word Bug Shows Trend In File Format Hacks

The vulnerability in Microsoft Word is only the latest in a spreading trend that’s seeing hackers probe for foibles and failings in file formats, a security firm says.  The vulnerability in Microsoft Word is only the latest in a spreading trend that’s seeing hackers probe for foibles and failings in file formats, a security analyst from the company which first uncovered the Word bug said Wednesday.

“We’re starting to see a trend in vulnerability discovery where people are going after file format vulnerabilities,” said Michael Sutton, the director of iDefense Labs, the research arm of Reston, Va.-based security intelligence firm iDefense.  “There have been numerous vulnerabilities found in image file formats and multimedia file formats,” Sutton went on.  “Actually, the vulnerabilities don’t exist in the files themselves, but in the programs that read and interpret them.”

That’s the case with the Word vulnerability that Microsoft disclosed Tuesday.  According to Microsoft’s security bulletin and iDefense’s own analysis, a specially-crafted Word file (in .doc format) containing extra-long font data can cause Word 2000 and Word 2002 to fail, and give the attacker complete access to the machine.

“If everyone plays by the [file format] rules, everything works fine,” said Sutton.  “But what happens if I don’t follow that format?”  The reason why attackers are increasingly looking for file format processing flaws, said Sutton, is that users are leery about accepting executable files, and most enterprises have blocked them from arriving as incoming e-mail attachments.

http://informationweek.com/story/showArticle.jhtml%3Bjsessionid=XQXHGZHLNPNA4QSNDBGCKHSCJUMEKJVN?articleID=165702181

Posted on 07/12
WarningsPermalink