Vendors Warn of Microsoft Word Zero-Day Flaw

Microsoft is echoing warnings from Symantec about an unpatched vulnerability in Word that has become the subject of targeted attacks.Specifically, the flaw affects Office Word 2002, Service Pack 3, enabling a hacker to gain full rights to a user's computer. "At this time, Microsoft is aware of limited, targeted attacks that attempt to use this vulnerability," the company stated in a security advisory that suggests two workarounds while it investigates the problem. "While Microsoft Office Word 2000 does not appear vulnerable to this issue, Word 2000 may unexpectedly exit when opening a specially crafted .doc file that the attacker is using in an attempt to exploit the vulnerability."

Microsoft said the vulnerability -- which follows a low-key Patch Tuesday, as well as a separate security flaw involving its Access database program -- can't be exploited automatically via e-mail.SearchSecurity.com, The Register