In an advisory issued Tuesday, Microsoft reported that an attacker could attach a specially-crafted Word document to an email or infect a PC via a malicious website containing such a document.
Microsoft Office flaws, many exploited just after Patch Tuesday, have become common in recent months.
The just-discovered flaw exists in Word versions 2000, 2002, 2003, Word Viewer 2003, Word 2004 for Mac, Word 2004 X for Mac, and Microsoft Works versions 2004, 2005 and 2006.
The vulnerability, rated "extremely critical," is caused by an unspecified error in the handling of Word documents and can be exploited to cause memory corruption, according to vulnerability monitoring clearinghouse Secunia.
The Redmond, Wash. company advised users to practice extreme caution when opening Word documents attached to email.
Microsoft is investigating reports of a proof-of-concept exploit for the flaw, according to a post written today by researcher Alexandra Huft on the Microsoft Security Response Center blog.
Click here to email Frank Washkuch Jr.
Attackers aim for Microsoft Word flaw
By
Frank Washkuch
on
Dec 7, 2006 9:13AM
Microsoft this week warned Office users that attackers are exploiting a zero-day flaw in Microsoft Word.
Got a news tip for our journalists? Share it with us anonymously here.
Sponsored Whitepapers
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future

Video: Watch Juniper talk about its Aston Martin partnership