Security holes in MS Works
Users of Microsoft applications both in the office and at home continue to tread on thin ice. Critical security holes were recently found in Excel, PowerPoint, and Word, and now weak points have been discovered in Works 8.0. The application crashes when reading specially prepared spreadsheets in the WKS and XLR formats. The flaws are apparently in the file wksss.exe (8.4.702.0) and the Windows Runtime Library msvcr71.dll (7.10.3052.4).
Some of the flaws are the result of buffer overflows, and in such cases malicious code can allegedly be injected into the system. Benjamin Tobias Franz, who discovered the holes, has published test files designed to demonstrate the holes. No patches are currently available. Franz has not said whether he informed Microsoft of this new problem.
- Microsoft Works - Buffer Overflows / Denial of Service (DoS)-Vulnerabilities, security report by Benjamin Tobias Franz