MS Word buffer overflow attack?

Am new to using Comodo so not really sure about certain things. Was getting buffer overflow attack message when running Excel last week. Have totally reformatted computer and reinstalled everything this weekend. Yesterday MS Word was working fine. Even this morning, all was fine. I did a repair on Office and that’s when I first rec’d the buffer overflow message. Now, same in Excel. Just got done running AVG, it found nothing. I’m not real comfortable choosing “skip”. Not sure this is a real problem or ??? I have read many of the old posts on this subject but haven’t really seen a solution posted?
Any help appreciated here.
Thanks!
Lynn
(Windows 7, MS Office 2010)

I also have the same issue with Defense Plus.

What is happening, even thought are on trusted files list.

http://k.min.us/j7iQe.png

http://k.min.us/jcO1Q4.png

http://k.min.us/j2Kd8.png

The BO alert means that the program has an error, a buffer overflow, which makes it vulnerable for attack. But it does not mean your system is under attack or infected; it means it could be.

Only when you allow a malicious program to start Word your computer could become infected. When you are starting Word you can safely skip the alert.

if you are running a world file from the internet it could be infected and trying to exploit word to attack your computer. Is it only doing it when opening certain files, if you look hard at those files.

Is there anything that can be done to secure the program and not to receive the alert?

I’m not using a word file from the internet when it happens. I’ve received the message for every word and excel file I’ve tried opening.

how about just opening up word by itself?

That’s how I usually open it. I have a shortcut on my desktop. I’ve also tried opening it from my start menu and get the same message.

To see if Word is not infected you can check its digital signature. If that is OK then it is not compromised.

How to do this? Go to the Office installation folder and navigate to winword.exe, right click on it, choose Properties, go to the Digital signatures tab. See if it says if the digital signature is ok or not. Also see attached image.

[attachment deleted by admin]

Okay. My digital signature is okay. So I’m going to have to click “skip” each time? Or ??

Hi Lynwlms. Have you purged your trusted files list and why is their two entries for Winword.exe & Excel.exe??
Edit- This might sound strange but I have heard a corrupt Custom.dic file can cause issues like this, if you don’t mind losing your custom made dictionary you could delete the contents of the custom.dic file.
It can vary in its location so just do a search for Custom.dic on your drive, on my system it is located in Users>Username>Appdata>Roaming>Microsoft>Proof folder.

You can tell to skip it and and remember the answer.

I just purged. I searched for Custom.dic and I don’t seem to have one. I did just load Office over the weekend.

I’ve managed to mess something up. I’m not even rec’ing the notice now. When I click File, Word shuts down.

Just for analysis of the situation can you see if wimword.exe has been added the Exclusions of Shellcode injections. If it has been added there delete it and see what happens when you push File in Word. When you deleted it you will get the BO alert again.

What versions of Word and Windows are you using? Are they both updated with the latest updates?

No, it’s not listed.
Am using Windows 7 and Office 2010. Yes, both have been updated.

[attachment deleted by admin]

In case you did deny the BO alert but did not let it remember CIS will remember your answer for the Windows session. Can you reboot your Windows and see if that changes things or not?

I am on Win 7 32 bits with Office 2010 too but the event does not happen with me. Are you on a 32 or 64 bits Win 7? Are you using a 32 bits or 64 bits Office 2010?

Am 64 bit Win and not sure on Office. Will reboot right now.

Probably a real buffer overflow in the M$ product, I had the same thing happening in 2007 x86.
I verified with staff that it was a real BO, and reported to M$, it never got fixed…

There are certain ‘proceedings’ that you have to do for it to appear, I’m not sure what it was again, but for excel it was like clicking a few tabs and switch back and forth and poof there it would appear.

Nothing you can do then to make sure your working on a trusted document, and if so to skip the alert.
If your opening an untrusted document and it appears I’d make sure to terminate it.

Rebooted. Opened Word doc, no alert and it shut down on me. :frowning: