New Word 0-day – reminding about the benefits of non-DOC file formats

SANS ISC (Internet Storm Center) has a coverage Diary entry about recommended defenses related to this case.

. . . .

* consider additional filtering, for example using software which converts Word DOC format to something which cannot carry the virus, e.g. RTF. Consider using the free wvWare library. You will lose formatting but that might be an acceptable bargain for e-mail incoming from outside your organisation.

* consider the possibility of disabling Word and replacing it with OpenOffice until Microsoft releases patches.

Some related references:
MSRC – Reports of a new vulnerability in Microsoft Word
Another ISC entry – Targeted attack: Word exploit
Original ISC report from Thursday – Targeted attack: experience from the trenches
US-CERT VU#446012 – Microsoft Word buffer overfow Vulnerability Note
CVE entry – CVE-2006-2492
Summary-type ISC entry – Microsoft Word Vulnerability
Microsoft Security Advisory #919637 – Vulnerability in Word Could Allow Remote Code Execution

And US-CERT is pointing to Cyber Security Tip document Using Caution with Email Attachments, in turn.

UPDATE: Added CVE name reference and link to ISC’s summary-type story.
UPDATE #2: Added link to Microsoft Security Advisory.

Share