Chinese Blogs Detail Zero-day Flaw in Microsoft Works

Chinese-language blogs are detailing a zero-day vulnerability in Microsoft Works, the company"s lower-end office productivity suite, according to security vendor McAfee. The vulnerability is within an ActiveX control for the Works" Image Server, wrote McAfee analyst Kevin Beets. A PC would need to visit a Web site engineered to exploit the flaw, Beets wrote.

A zero-day flaw is a software vulnerability that has become public knowledge but for which no patch is available. It is particularly dangerous since users are exposed from day zero until the day a vendor prepares a patch and notifies users it is ready. Proof-of-concept code was posted on a Chinese blog showing how the problem could cause Windows to crash, Beets wrote. Then, a few hours later, a working exploit appeared, which could allow malicious code to run on a machine.

View: The full story @ PCWorld

Report a problem with article
Next Article

Mystery HDD maker orders kit to build monster-capacity drive

Previous Article

MacBook Air spurring LED use in screens