The number of vulnerabilities that
were discovered in Microsoft Office in 2006 tripled from the number that had been discovered
in 2005. The actual number of vulnerabilities has not been released, but it is
common knowledge that at least 45 of these were serious and critical vulnerabilities.
A few were zero-day exploits. A common method of attack against systems that have
Office applications installed is to use malicious Word, Excel, or PowerPoint documents
that are transmitted via e-mail. Once the user opens one of these document types, malicious
code that is embedded in the document, spreadsheet, or presentation file executes
and can allow a remote attacker administrative access to the now-infected system.
SANS top 20 security attack targets 2006 annual update:
• Operating Systems
  • W1. Internet Explorer
  • W2. Windows Libraries
  • W3. Microsoft Office
  • W4. Windows Services
Gray Hat Hacking: The Ethical Hacker's Handbook
  • W5. Windows Configuration Weaknesses
  • M1. Mac OS X
  • U1. UNIX Configuration Weaknesses
• Cross-Platform Applications
  • C1. Web Applications
  • C2. Database Software
  • C3. P2P File Sharing Applications
  • C4. Instant Messaging
  • C5. Media Players
  • C6.