Again microsoft have flaws in there products,and some patches to fix it.
First up the worst of the three: a hole in MS Word enabling an attacker to run a malicious macro against a user. In this case, a Word document can be modified so as to bypass the application's built-in macro checker. Macros run at the user's level of permission so attacks could involve any action the user is capable of taking. |
Word 2002, Word 2000, Word 97, Word 98 (J), and Word 98/Word 2001 for Mac are affected.
Grab the patch Here
Next up, an unchecked buffer in a FrontPage Server Extension which gives an attacker total control of the target machine. An optional component called Visual Studio RAD (Remote Application Deployment) support is at issue.
Sending a malformed packet during a Web session with the target machine can result in system-level access. Fortunately, RAD support is not enabled by default, so not everyone with FPSE will be affected.
Grab the patch Here
Finally, a new twist on a previously-patched issue in NetMeeting. A remote denial of service (DoS) vulnerability can be exploited when a malicious client sends a malformed string to a port on which the NetMeeting service is listening (with Remote Desktop Sharing enabled).
There's a flaw in NetMeeting which boosts CPU use to 100 per cent when the right string is sent, thereby overloading the target machine. NetMeeting Version 3.01 running on Windows 2000 or Windows NT 4.0 is affected. The first such hole was reported last October.
Grab the patch Here
That will keep you up to date for now check the The Register for the completed story on this flaws.
Source: TheRegister
