[导入][链接] Another Zero-Day Vulnerability Has Been Confirmed in MS Word

http://www.microsoft.com/technet/security/advisory/929433.mspx

大家小心了，不要随便打开不明来源的Word文档，尤其是邮件附件或者网上采集的Word格式的文章，目前发现的这个缺陷在几乎所有市场上使用的Word版本（2000~2003等等）中都存在。至于何时可以发布补丁，目前官方还没有一个正式的时间表。

根据微软官方说明，该vulnerability的workaround是：
"Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file." 不要打开不可靠的来源的Word文件，或者可靠的来源但并非预期会收到的Word文件，该缺陷可以在用户打开特别制作的Word文件时...blah blah blah

官方建议采取的行动包括：
"We recommend that customers exercise extreme caution when they accept file transfers from both known and unknown sources." 我们建议客户在接受文件传输时要“极端小心”，不论该文件来自认识的人或者不认识的人。

Fantastic!

建议大家还是在文件传输和共享时多多使用PDF或者其他更透明的格式吧。

For those interested, here is the link to an earlier Word vulnerability alert by EWeek:
http://www.eweek.com/article2/0,1895,1965042,00.asp

大胃 2006-12-06 22:47 发表评论

文章来源:http://www.blogjava.net/sean/archive/2006/12/06/85968.html