Flaw Finders Lay Seige to Microsoft Office 149
An anonymous reader writes "The Register is reporting that bug reports on the latest iteration of Microsoft Office are certainly keeping the Redmond firm's programmers busy. So far this year 24 flaws have been found by outside researchers, more than six times the number found in all of 2005. From the article: 'The deluge of vulnerabilities for the Office programs - Word, Excel, PowerPoint, Outlook, and, for professional users, Access -signals a shift in the focus of vulnerability research and underscores the impact of flaw-finding tools known as fuzzers. The vulnerabilities in Office also highlight the threat that such files, if remained unchecked, can pose to a corporate network. Not since the days of macro viruses and Melissa have Office files posed such a danger to computer security.'"
Siege (Score:4, Informative)
Re:Access ? (Score:5, Informative)
Access is huge in business because it is trivial to modify the user interface, and to add functionality later on. A massive database solution might do the job faster but if the IT staff can't go in and change the interface every now and then it is pointless. A prime example is upgrading the user interface from the one designed in 1998 for an 800x600 screen to a more recient 1024x768 interface.
Apples and Oranges (Score:5, Informative)
Re:Is OpenOffice ready? (Score:3, Informative)
Comment removed (Score:4, Informative)
Re:Access ? (Score:4, Informative)
1) they're talking about security vulnerabilities, not bugs. I'm sure the number of Office bugs are in the thousands... It's pretty difficult to write a large piece of software without them
2) The article was stating that 24 Vulnerabilities were found in the current crop of Office, not in the up and coming Office 2007, so your bit about "not available to public" is not applicable
It's a danger *now*?? (Score:3, Informative)
Bollocks! They've always posed a danger, it's just that now they're getting some attention. I wonder if they'll look at TrueType/OpenType fonts any time soon - anyone remember the BSOD .ttf file?
Re:OpenOffice (Score:4, Informative)
Re:OpenOffice (Score:2, Informative)
You can sync your device directly to the Exchange server, effectively skipping the need for the installation of any software on the desktop machine.
You can also use ActiveSync across an GPRS link, and get BlackBerry like functionality (including E-Mail Push).
Re:Seriously? (Score:4, Informative)
Re:If someone else can find the flaws, why didn't (Score:3, Informative)
>Severity: critical
As quoted from the tracker.
Re:Automated tools (Score:3, Informative)
The fact of the matter is that fuzzing tools weren't very common while Office 2003 was being developed; while I'm sure the concept has existed for quite awhile, I the first I'd heard of it was around 2004, and it wasn't until 2005 until I saw much in the way of 3rd party tools.
Fuzzers ARE being used in tests for Office 12, for whatever that's worth...