Popular Microsoft products may be vulnerable to a security weakness that is similar to one patched for Mozilla...
web browsers last week.
MSN Messenger and Word both support a feature that could give remote users access to functions that could be used launch applications on Windows computers, according to an alert from Secunia, which tracks software vulnerabilities.
A Microsoft spokeswoman said the company is investigating the reports, but is not aware of any attacks using the vulnerabilities.
The applications both fail to restrict access to the "shell" URI (universal resource identifier), a feature that allows Windows users or software applications to launch programs associated with specific file extensions, such as .doc or .txt , said Danish security firm Secunia.
Hackers could launch programs associated with specific extensions using links embedded in Word documents or instant messages sent using MSN. However, the vulnerability does not allow attackers to pass instructions to the programs, which would allow more sophisticated attacks, Secunia said.
On Thursday, the Mozilla Foundation issued patches for a similar flaw in Windows versions of its web browsers, Firefox and Thunderbird, and the Mozilla Application Suite.
News of the Mozilla flaws came amid increasing interest in alternative web browsers after news broke about a number of serious security vulnerabilities in Microsoft's Internet Explorer Web browser that were being used in stealthy web-based attacks.
According to data compiled by WebSideStory, Internet Explorer's share of the browser market fell by 1% in the past month, the first noticeable decline since the company began tracking the browser market in late 1999.
On 2 July Microsoft released a software update that disables a Windows component called ADODB.Stream, which was used in web attacks, and promised more updates for Windows and Internet Explorer to address the security issues.
Paul Roberts writes for IDG News Service