Hi,

We have a problem with the Ms Word autosave function in roaming profiles

The error is:

\[servername]\Documents$[USERNAME]\AppData\Roaming\Microsoft\Word~WRA3880.wbk" is infected by “DOC:CVE-2014-6333 [Expl]” virus.

it has something to do with latest updates form Microsoft: MS14-069: Vulnerabilities in Microsoft Office could allow remote code execution: November 11, 2014 ( https://support.microsoft.com/kb/3009710?wa=wsignin1.0 )

For now we excluded the extensions because it is not possbile in network environment with roaming profiles to exclude the exact directory because %username% is not a wildcard in exclusions with the AEA console.

Here is a site i found in German: https://forum.avast.com/index.php?topic=160435.0 its same problem but on OSX

keywords: roaming profile, CVE-2014-6333, KB3009710, autosave, word, microsoft, avast

We are seeing the same thing. It’d be nice if we could exclude a particular vulnerability from being checked rather than a file type. Once the patch is applied this exploit doesn’t work anymore, so we could just ignore it.

Hello,
detection was fixed and virus definitions are released.

Milos

Thanks, problem is fixed indeed