Tuesday, November 06, 2007

Critical vulnerability affecting Microsoft Word 2000, 2002 discovered

A new remote code execution vulnerability in Microsoft
Word has been found. It can be triggered simply by
opening a malicious Word file. A successful exploit
would allow an attacker to execute arbitrary code in
the context of the logged-in user.

Affected products are Microsoft Word 2000 SP3
(Microsoft Office 2000), Microsoft Word 2002 SP3
(Microsoft Office XP), as well as Microsoft Word 2004
for Mac. Microsoft Office 2003 SP2 and above, as well
as Microsoft Office 2007, appear to be unaffected.

You can read more about this issue in Microsoft
Security Bulletin MS07-060. Microsoft recommends that
customers apply the update immediately.

Download the patch for Word 2000 or Word 2002.

According to SecurityFocus, there are already reports
that this vulnerability is being exploited in the wild