Microsoft Office Exploited to take over control of MAC's!

[gunug]

This is apparently something originally targeted on NGO's involved in Tibet:

QUOTE

A remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record. An attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

http://labs.alienvault.com/labs/index.php/...ac-control-rat/

[Xairbusdriver]

I think MS patched this exploit way back in the 2004 version. But some people still may be running unlatched versions.

[jchuzi]

New exploit uses old Office vulnerability for OS X malware delivery

[gunug]

So apparently some people at this place are no old enough to know it's already been fixed?

[jchuzi]

For more information, read ESET analyzes the Office-based Trojan threat for OS X

[Xairbusdriver]

I'm not sure what "place" you are talking about. All the reports I've read indicate that this threat will not work on the patched MS apps. But that means it could run on un-patched ones. The fear is that there are (too) many people with absolutely no concept of what a "patch" is or that there is even a built-in Updating System on the Mac. It still boils down to the lack of skill or the gullibility of the end user. Some say this is aided by the comments (although often misattributed as being to Apple) that a Mac doesn't have any need for AV software. That is only partially true and assumes that everyone is keeping all their other software up-to-date and that they don't download stuff from nefarious sites or e-mail links.