Jump to content

Search the Community

Showing results for tags 'microsoft word'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 6 results

  1. In-the-wild exploits bring additional urgency to this month's update routine. A zero-day code-execution vulnerability in Microsoft Office is one of three critical flaws under active attack in the wild, Microsoft warned Tuesday as it rolled out a batch of updates that plug the security holes. As Ars reported Monday night, attackers are exploiting the flaw to infect unsuspecting Word users with bank-fraud malware known as Dridex. Blog posts published Tuesday morning by security firms Netskope and FireEye reported that attackers are exploiting the same bug to install malware with the names Godzilla and Latenbot. Ryan Hanson, a researcher at security firm Optiv and the person Microsoft credited with reporting the critical bug, said exploits can execute malicious code even when a mitigation known as Protected View isn't disabled. The attacks are able to bypass other exploit mitigations as well. Microsoft's fix for CVE-2017-0199, as the flaw is indexed, is here. According to Microsoft, flaws in two other products are also being exploited in the wild. One is an Internet Explorer vulnerability that allows attackers to access sensitive information from one domain and inject it into another address. Such elevation-of-privilege vulnerabilities are typically exploited along with an additional attack exploiting a separate bug so the attack chain can bypass a security sandbox or similar security protections. Microsoft's guidance for CVE-2017-0210 said the IE bug is being exploited, but it didn't elaborate. The third zero-day also resides in Office 2016, 2013, and 2010 and isn't actually being patched in Tuesday's update batch. According to guidance for CVE-2017-2605: "Microsoft is aware of limited targeted attacks that could leverage an unpatched vulnerability in the [Encapsulated PostScript] filter and is taking this action to help reduce customer risk until the security update is released." The flaw is exploited when a target opens a malicious EPS image in Word. In all, Microsoft released 15 updates on Tuesday patching dozens of individual flaws in software, including the Windows operating system, Exchange Server, and Adobe Flash. It's always a good idea to install updates as soon as possible. The active attacks on three separate Microsoft products makes that advice particularly important this month. Source
  2. The exploit appears in a Word doc attached to an email message. When you open the doc, it has an embedded link that retrieves an executable HTML file which looks like an RTF file. Apparently, all of that happens automatically. The downloaded file loads a decoy that looks like a document, so the user thinks they’re looking at a doc. It then stops the Word program to hide a warning that would normally appear because of the link. Very clever. It works on all versions of Windows, including Win10. It works on all versions of Office, including Office 2016. Good overview by Dan Goodin at Ars Technica. Technical analysis by Genwei Jiang at FireEye FireEye shared the details of the vulnerability with Microsoft and has been coordinating for several weeks public disclosure timed with the release of a patch by Microsoft to address the vulnerability. After recent public disclosure by another company, this blog serves to acknowledge FireEye’s awareness and coverage of these attacks. Likely cause of the rush to disclose from Haifei Li at McAfee. McAfee’s recommendation: Do not open any Office files obtained from untrusted locations. According to our tests, this active attack cannot bypass the Office Protected View, so we suggest everyone ensure that Office Protected View is enabled. Source: Booby-trapped Word documents in the wild exploit critical Microsoft 0day (AskWoody)
  3. The flaw affects all Word versions on any Windows version Microsoft has confirmed that this month’s Patch Tuesday would bring an update aimed at fixing a vulnerability in Word that exposes users to malware infections. Disclosed by security company Fire Eye, the Microsoft Word security flaw makes it possible for hackers to hijack Windows computers with the help of a malicious RTF document that hides code which then triggers malware downloads on target systems. Microsoft has confirmed in a statement that it plans to address the vulnerability as part of today’s Patch Tuesday rollout, saying that users are recommended to avoid opening documents coming from unknown sources until the fix is deployed. “We plan to address this through an update on Tuesday April 11, and customers who have updates enabled will be protected automatically,” a company spokesperson said. “Meanwhile we encourage customers to practice safe computing habits online, including exercising caution before opening unknown files and not downloading content from untrusted sources to avoid this type of issue.” Bypassing all mitigation systems Security company McAfee has also confirmed the security vulnerability and said that attackers are able to bypass most mitigation features in Windows to compromise a target computer. “The exploit connects to a remote server (controlled by the attacker), downloads a file that contains HTML application content, and executes it as an .hta file. Because .hta is executable, the attacker gains full code execution on the victim’s machine. Thus, this is a logical bug, and gives the attackers the power to bypass any memory-based mitigations developed by Microsoft,” McAfee said. The vulnerability affects all Windows computers, including the latest Windows 10, as well as all Office versions, so the only way to remain secure without a patch is to avoid opening documents coming from untrusted sources. The Patch Tuesday rollout begins later today, so make sure that you deploy this month’s fixes as soon as possible, especially if you’re working with Word documents and the RTF format in particular. Source
  4. Look for this warning when opening suspicious Word docs Security company FortiGuard Labs warns that a malicious Microsoft Word document is being used these days to compromise both Windows and macOS systems using the macro feature that makes it possible to download malware on target systems. The macro feature integrated into Microsoft’s Office productivity suite has already been used by cybercriminals to infect systems and it looks like this new wave of attacks is based on a similar approach, relying on VBA (Visual basic for Applications) code to deploy malware. What’s important to note, however, is that this Word document is being used to attack both Windows and macOS, and the researchers observed that depending on the OS type, the script is trying to take a different route to make sure that it successfully compromises the system. Already blocked by some antivirus solutions FortiGuard says that once the python script in the macro is executed, the file attempts to download a file from a link we’re not going to mention here and execute it on the local machine. The script tries to connect to the host on port 443, but at the time of the research, the server was down and not answering client requests. This doesn’t necessarily mean that systems cannot be compromised, as the python process remains active on the system, retrying connections in the background until an answer is offered. The easiest way to remain secure against this new wave of attacks is to avoid Word documents coming from sources that you don’t trust. Additionally, if you do open these documents, make sure that you’re not running the macro inside as it can initiate the whole process that in the end compromises your system. Antivirus solutions are already being updated to detect the malicious documents, and FortiGurd says its antivirus flags the files as WM/Agent.7F67!tr, so make sure you’re running fully up-to-date security software, especially if you’re working with Office documents from sources you don’t necessarily trust. Source
  5. PDFZilla 3.0.6 Eng + Key + Portable PDFZilla - is an application that converts PDF files into editable MS Word, Rich Text, Plain Text Files, Images, HTML Files, and Shockwave Flash SWF Files. Supports all popular formats: DOC, RTF, TXT, BMP, JPG, GIF, PNG, TIF, HTML, SWF. In addition, you can also prohibit converting the first and last pages, or only specify the desired page range to include audio reminders. The program is not too "gluttonous" to system resources and performs the conversion in an instant. Also, there is a section with PDFZilla where clearly shows how to perform a particular action. In general, PDFZilla - this is a handy application for converting PDF-files, which is justified by the price they are asking for it, developers. PDFZilla supports most popular formats: DOC, RTF, TXT, BMP, JPG, GIF, PNG, TIF, HTML, SWF. Select the PDF-File -> Select the Output File Format -> DOC, RTF button Start Converting, you can now afford to just have a cup of coffee. Key features and functions of the program: Good indicators of performanceIt uses very little system resourcesWide range of formats of the target fileSimple and intuitive interfaceSelect individual pages for conversionFlexible customization of the transformation processA detailed help sectionSpecial features: Convert PDF to WordConvert PDF to Word with all text and Graphical data.Convert PDF to RTFConvert PDF to RTF files. You can edit text and graphics Wordpad.Convert PDF to TXTConvert PDF to plain text files. You can edit text by Notepad.Convert PDF to ImageConvert PDF to BMP, JPG, GIF or TIF files.Convert PDF to HTMLConvert PDF to HTML files and automatically generate the Index file.Convert PDF to SWFConvert PDF to Shockwave Flash Animation files which can be published on websites.Select a pageConvert all the pages, or partial pages of the PDF.Website: http://www.pdfzilla.com/ Year: 2013 OS: Windows XP / Vista / 7/8 Language: English Medicine: Key Size: 8,27 / 12,27 Mb.
  6. software182

    doPDF 7.3 Build 398

    doPDF installs itself as a virtual PDF printer driver so after a successful installation will appear in your Printers and Faxes list. To convert to PDF, you just have to print the document to doPDF, the free pdf converter. Open a document (with Microsoft Word, WordPad, NotePad or any other software), choose Print and select doPDF. It will ask you where to save the PDF file and when finished, the PDF file will be automatically opened in your default PDF viewer. What's new in this version:Corrected install on Windows XP EmbeddedCorrected GUI crash on Windows XPThe PDF creation date now takes into account daylight saving time changesAdded version information in list of programsType1 fonts are embedded only on requestDisplay corrections for the About window (on Windows 8)DOWNLOAD HERE [ FREEWARE ] : http://www.dopdf.com/download/setup/dopdf-7.exe Website : http://www.dopdf.com/
×
×
  • Create New...