Word Viewer – it can be your workaround in the latest Word 0-day case
In many Word 0-day vulnerabilities covered by SecuriTeam Blogs Word Viewer utility is being included to affected products.
This week the situation is different, however.
Related to the most recent MS Word vulnerability Word Viewer 2003 and Word Viewer 2003 Service Pack 3 are not vulnerable (Microsoft’s advisory here). Word Viewer 2003 SP3 KB document here, in turn.
To readers not familiar with these cases: Normally these vulnerabilities are being reported related to targeted attacks via e-mail. References are listed here: CVE-2008-2244. This particular case in known as so-called attachement.doc case. Trojan malware related to this case is from MSWord.Agent.cq series.
There are connections to Beijing Olympics too – in the form of attend_the_opening_ceremony_of_the_29th_olympic_games_in_beijin.doc files too.
A fix for this vulnerability is not expected before August ‘s Black Tuesday. The most important question is: how to implement the use of Word Viewer in your organization.