惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google Online Security Blog
Google Online Security Blog
博客园_首页
酷 壳 – CoolShell
酷 壳 – CoolShell
Jina AI
Jina AI
博客园 - Franky
大猫的无限游戏
大猫的无限游戏
Hugging Face - Blog
Hugging Face - Blog
博客园 - 司徒正美
V
V2EX
雷峰网
雷峰网
云风的 BLOG
云风的 BLOG
V
Visual Studio Blog
F
Full Disclosure
Y
Y Combinator Blog
V
V2EX - 技术
Attack and Defense Labs
Attack and Defense Labs
S
Security @ Cisco Blogs
Schneier on Security
Schneier on Security
Microsoft Azure Blog
Microsoft Azure Blog
SecWiki News
SecWiki News
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
The GitHub Blog
The GitHub Blog
量子位
PCI Perspectives
PCI Perspectives
S
Secure Thoughts
D
Darknet – Hacking Tools, Hacker News & Cyber Security
AWS News Blog
AWS News Blog
Blog — PlanetScale
Blog — PlanetScale
爱范儿
爱范儿
K
Kaspersky official blog
B
Blog
A
Arctic Wolf
Hacker News: Ask HN
Hacker News: Ask HN
L
LangChain Blog
T
Tor Project blog
P
Privacy & Cybersecurity Law Blog
Recent Announcements
Recent Announcements
宝玉的分享
宝玉的分享
The Register - Security
The Register - Security
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
L
Lohrmann on Cybersecurity
D
Docker
A
About on SuperTechFans
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Google DeepMind News
Google DeepMind News
The Last Watchdog
The Last Watchdog
S
Security Affairs
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
P
Privacy International News Feed
Simon Willison's Weblog
Simon Willison's Weblog

博客园 - 大胃

[导入]NAnt 0.85的两个bug (续) [导入]NAnt 0.85的两个bug [导入][链接] Third Word vulnerability found [导入][新闻] GWT(Google Web Toolkit)宣布开源 [导入][链接] .NET版的IPC Pipes? [导入][链接] Google Joins Eclipse Foundation [导入][链接] IBM votes NO on Open XML in ECMA [导入]Vista, Office, and User Lock-in - 大胃 [导入][链接] 关于Trusted Computing的短片 - 大胃 [导入][链接] Adobe Reader 也发现安全漏洞 [导入][链接] Open Source Java Clustering [导入][一点一滴学英语] 20061205 [导入][链接] Linux Distribution Chooser [导入][链接] Top 10: The best, worst... and craziest uses of RFID [导入][链接] 关于Vista的关机选项 [导入][Tips] 在Ubuntu下限制本机使用的网络带宽 [导入][链接] 两个有趣的Eclipse插件 [导入]Drip, Transfusion, Perfusion还是Infusion?关于一个词的翻译 [导入][阅读] "Computer Programmer" vs. "Software Developer"
[导入][链接] Another Zero-Day Vulnerability Has Been Confirmed in MS Word
大胃 · 2006-12-06 · via 博客园 - 大胃

http://www.microsoft.com/technet/security/advisory/929433.mspx

大家小心了,不要随便打开不明来源的Word文档,尤其是邮件附件或者网上采集的Word格式的文章,目前发现的这个缺陷在几乎所有市场上使用的Word版本(2000~2003等等)中都存在。至于何时可以发布补丁,目前官方还没有一个正式的时间表。

根据微软官方说明,该vulnerability的workaround是:
"Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file." 不要打开不可靠的来源的Word文件,或者可靠的来源但并非预期会收到的Word文件,该缺陷可以在用户打开特别制作的Word文件时...blah blah blah

官方建议采取的行动包括:
"We recommend that customers exercise extreme caution when they accept file transfers from both known and unknown sources." 我们建议客户在接受文件传输时要“极端小心”,不论该文件来自认识的人或者不认识的人。

Fantastic!

建议大家还是在文件传输和共享时多多使用PDF或者其他更透明的格式吧。

For those interested, here is the link to an earlier Word vulnerability alert by EWeek:
http://www.eweek.com/article2/0,1895,1965042,00.asp

文章来源:http://www.blogjava.net/sean/archive/2006/12/06/85968.html

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。