Alert: "Extremely critical" Word flaw - Breaking Business and Technology News"
Published: Tuesday 5 September 2006
An 'extremely critical flaw' in Microsoft Word 2000 is currently being exploited by malicious attackers, which could lead to remote execution of code on a user's system.
The vulnerability affects systems running Windows 2000 and occurs when processing malicious Word 2000 documents.
Security company Symantec, which several days ago detected the exploit, Trojan MDropper.Q, noted that it uses a two-step attack.
Trojan MDropper.Q exploits the Microsoft Word vulnerability to drop another file, a new variant of Backdoor.Femo, according to a security advisory by Symantec.
Symantec's advisory stated: 'As with other recent [Microsoft] Office vulnerabilities, documents incorporating the exploit code must be opened with a vulnerable copy of Microsoft Word 2000 for it to work. As such, it makes the vulnerability unsuitable for the creation of self-replicating network worms.'
Microsoft has not yet issued a patch for the vulnerability, and users are advised to forgo opening untrusted documents.