MS Office has security problems
Experts have warned about a deadly weakness in how to handle Macromedia Flash files that can put users at risk of attack.
Flash files embedded in MS Office files can run or execute code that users are unaware of.
This is a security issue related to the third consecutive Microsoft Office software suite discovered in just one week.
If you successfully exploit this security error, the attacker can access sensitive information and execute malicious code on the system that is being corrupted, Symantec confirmed in the warning message sent to the guests. line.
Debasis Mohanty is a researcher who discovered this security error. However, this is a problem related to the ability to download ActiveX controls of Office files rather than a security error arising from the suite's features. ActiveX is a small application to increase the compatibility of web pages.
" The Macromedia Flash file handling method in terms of design and the feature itself does not put users at risk of being attacked ," the Microsoft representative said.
But Microsoft also confirmed that this vulnerability could be exploited by hackers to automatically operate an ActiveX on a user's system via an Office file. Microsoft has not recorded any cases of ActiveX that can help hackers break into PC systems that make mistakes.
" Microsoft will continue to investigate more information about this issue to help provide more necessary instructions for customers ," Microsoft representatives confirmed.
ActiveX-related issues are the third security issue related to Office found within a week. On Tuesday, Microsoft also confirmed that a security error related to a Windows component "hlink.dll" could be exploited by creating a malicious Excel file. Last weekend, another gap in Excel was also exploited to attack users.
To be able to exploit new security errors in Office, an attacker needs to create a dangerous file and store it on the Internet, send it via email or take it to the victim's hand. Only when the user opens the file will the attack be considered successful.
Almost every security error was discovered immediately after Microsoft released a monthly security patch.
Hoang Dung
- McAfee detected 3 new zero-day Office errors
- The security newsletter in October caused Windows 2k errors
- Discover new vulnerabilities in Microsoft Office packages
- Coming soon with Service Pack 3 for Office 2003
- Discover new vulnerabilities in Microsoft Office 2000 package
- 17 useful tips for office people
- Found vulnerabilities in Office 2007
- See network security struggles like the front
- Microsoft provides security tools for Office 2007
- 3 Perfect free replacement software for Microsoft Office
- Office's Zero-day error continues to cause anxiety
- Network security and data security in Vietnam: When the bell rings ...