Software

Critical vulnerability affecting Microsoft Word 2000, 2002 discovered

A new remote code-execution vulnerability in Microsoft Word has been found. It can be triggered simply by opening a malicious Word file. A successful exploit would allow an attacker to execute arbitrary code in the context of the logged-in user.

A new remote code execution vulnerability in Microsoft Word has been found. It can be triggered simply by opening a malicious Word file. A successful exploit would allow an attacker to execute arbitrary code in the context of the logged-in user.

Affected products are Microsoft Word 2000 SP3 (Microsoft Office 2000), Microsoft Word 2002 SP3 (Microsoft Office XP), as well as Microsoft Word 2004 for Mac. Microsoft Office 2003 SP2 and above, as well as Microsoft Office 2007, appear to be unaffected.

You can read more about this issue in Microsoft Security Bulletin MS07-060. Microsoft recommends that customers apply the update immediately.

Download the patch for Word 2000 or Word 2002.

According to SecurityFocus, there are already reports that this vulnerability is being exploited in the wild.

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

3 comments
michelle.b.gorka
michelle.b.gorka

Was this NOT part of patch Tuesday? Is this an additional patch to be done?

Lost Cause?
Lost Cause?

Apparently, if you have installed Service Pack 3 on Office 2003, then you are covered.

Lost Cause?
Lost Cause?

Apparently, if you have installed Service Pack 3 on Office 2003, then you are covered.