-
July 28th, 2009, 11:55 AM
#1
MS Office Security Tool
Microsoft today released a free tool for enterprises and developers that detects whether an Office file contains malicious content.
You can get it here:
•Microsoft Office Visualization Tool (OffVis). A free tool designed to help combat file format-based software vulnerabilities and exploits, OffVis will allow customers to better understand and deconstruct Microsoft Office-based attacks. As a result, security vendors can build deeper, more precise malware detection signatures and develop new techniques for analyzing malware. The tool is available for no-charge download.
Sorry folks, I have downloaded it but haven't had a chance to play yet
-
July 28th, 2009, 01:01 PM
#2
Useless crap. Who the hell would abuse a buffer overflow in MS office when the pdf format can be used to exploit flaws in adobe reader straight through everyone's browsers instead.
-
July 28th, 2009, 01:40 PM
#3
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
-
July 28th, 2009, 01:52 PM
#4
when the pdf format can be used to exploit flaws in adobe reader straight through everyone's browsers instead.
OMG!!!!! you mean you still have Adobe software installed on your machine?
Who the hell would abuse a buffer overflow in MS office
Someone who knows what they are doing
Last edited by nihil; July 28th, 2009 at 01:57 PM.
-
July 29th, 2009, 10:52 AM
#5
Not really... what are people more likely to click? The executable or the readme?
-
July 29th, 2009, 11:29 AM
#6
The people I know would go for the executable............reading instructions is a sign of weakness.
Personally, I never click on .pdf stuff on a website.
However, that sort of misses my whole point, which to some extent is illustrated in the article in this thread:
http://antionline.com/showthread.php?t=278339
Basically there is a whole raft of obsolete software (OS and applications) still in regular use. In particular Microsoft Office applications, as most people only perform very basic functions with it, and don't see any benefits in paying Microsoft a small fortune for the latest version that doesn't really do anything for them functionality wise.
I personally know lots of people who still use Office 97 and Office 2000, even though they are no longer supported, and I do suggest O-O 3.1
It is my suspicion that there is a veritable orchard of low hanging fruit out there, just waiting to be picked.
Another consideration is that MS Office documents are well known and tend to be more unquestioningly trusted than .pdf ones. I know of plenty of organisations where I could totally ban .pdf and it would have no effect on their efficiency and effectiveness whatsoever. On the other hand, if I blocked MS Office it would cripple them.
I do not believe that cybercriminals are techno-snobs............they will use any method they think might work and they doubtless target their victims quite carefully, if only by group.
-
July 29th, 2009, 11:55 AM
#7
Hmm blocking Pdf's here will certainly shut us down 0_o ...
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
July 29th, 2009, 04:54 PM
#8
OK..............(and DO NOT run this past your bosses!)
Your company uses .pdfs to the extent that their exclusion would shut you down?................errrrrrrrrrrrrr?
How come your product doesn't take up the slack and fix the issue(S)?
-
July 30th, 2009, 08:20 AM
#9
lol
Well seeing as though we are an ADOBE distributor ...
See the irony ? :P
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
Similar Threads
-
By AngelicKnight in forum Newbie Security Questions
Replies: 37
Last Post: June 28th, 2004, 01:29 PM
-
By Nokia in forum Tips and Tricks
Replies: 0
Last Post: June 12th, 2004, 05:13 PM
-
By xmaddness in forum Security News
Replies: 1
Last Post: August 15th, 2002, 03:07 AM
-
By xmaddness in forum Miscellaneous Security Discussions
Replies: 0
Last Post: July 31st, 2002, 09:35 PM
-
By xmaddness in forum Miscellaneous Security Discussions
Replies: 0
Last Post: July 25th, 2002, 03:05 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|