Daily Report Tuesday, February 27 , 2007

Daily Highlights

The Associated Press reports the Federal Deposit Insurance Corporation and VeriSign Inc., which manages domain registry names, say fraudulent e−mails claiming to be from them should be considered a malicious attempt to collect personal data. (See item 7)
The Postal Regulatory Commission on Monday, February 26, recommended a U.S. Postal Service rate increase, which may be implemented as early as May; the average rate increase will be 7.6 percent. (See item 15)
Information Technology and Telecommunications Sector

February 26, Computerworld — Microsoft Office 2003 apps, Explorer hit with new crash bugs. Microsoft's Word 2003 and Excel 2003 can be crashed by attackers who feed the business applications malformed documents, Symantec Corp. reported Monday, February 26. "A remote attacker may exploit this vulnerability by presenting a malicious WMF file to a victim user," said Symantec's report. "The issue is triggered when the application is used to insert the malicious file into a document." Specially crafted WMF (Windows Metafile) image files were the root of a major attack in late 2005 and early 2006 that was launched from hundreds of malicious Websites and compromised thousands of PCs. The Excel flaw can be leveraged by a malformed spreadsheet file rather than a WMF image, Symantec added. Attacks using either vulnerability require users to download malicious files from a Website or open them when they arrive as e−mailed file attachments. Also at risk, said Symantec, is XP's and Server 2003's Windows Explorer, the operating system's file interface. Explorer will crash when attempting to open a malformed WMF image.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=servers&articleId=9011799&taxonomyI d=68&intsrc=kc_top