Secunia rates Word 2000 flaw extremely critical

Eight years after its release, Word 2000 is still extremely popular. In this edition of the IT Locksmith, John McCormick discusses an extremely critical Word 2000 flaw and how to protect yourself.


Security firm Secunia reports that a recently disclosed vulnerability in Microsoft Word 2000, which can allow a remote attacker to gain complete access to a vulnerability system, is being actively exploited. An attacker can exploit the vulnerability, caused by a memory corruption error, to run arbitrary code on the system. This is what makes it so dangerous.

Secunia also confirms that this vulnerability (CERT VU#806548) exists even in fully patched Word 2000 applications.

The Microsoft advisory on the vulnerability (Mitre CVE Reference CVE-2006-4534) states that the company is preparing a security update to address this threat but that one was not available yet. (Note that Microsoft's usual patch release date for this month is Tuesday, September 12—after the publication of this newsletter—and that a patch may arrive as early as this week.)

Until a patch is available and, verified to your satisfaction to be safe for installation on your system, about all you can do is caution users to be extremely careful about opening unexpected documents of any sort or any e-mail attachments, even if they aren't obviously Word documents.

What you can probably do with complete safety is download a free copy of Word Viewer 2003, which does not include the vulnerable code.

Word Viewer 2003 is a 12MB executable file (wdviewer.exe) that lets you open and view, but not edit, .doc format documents created with Word 2003 and all earlier Word versions. The file viewer also handles RTF, TXT, Web page formats, WordPerfect 5.x WPD and WordPerfect 6.x DOC and WPD files, as well as MS Works WPS and XML file formats.

Despite its limitations, Word Viewer 2003 is a free and excellent tool that all security managers should have in their toolkits so they can check the contents of suspect documents without risk. WV2003 runs on Microsoft operating systems later than W2000 SP4, including Windows Server 2003.

If you already have version 1 of Word Viewer 2003 (release date 8/9/2005), then you have the current version, since no updates have been released.

Those who do not run Microsoft Office shops should also note that there are free viewers available for Excel (Excel Viewer 2003, which lets you copy data to another application) and PowerPoint (PowerPoint Viewer 2003, which even opens password protected presentations—given a known password, of course).

Some readers don't appear to be aware of these programs; their comments have suggested that they feel "locked" into Office because others they work with save in Office file formats.

Final word

Here's a reminder which shouldn't be necessary except for new subscribers: Any patch—especially one which hasn't even been released at press time—can and often does have unexpected consequences ranging from simply not working properly to blocking a threat to crashing your system.

Therefore, even with a zero-day exploit such as this one, those of you managing large networks should be extremely cautious about installing any patch until a day or two has passed and you can evaluate any problems the patch may cause.

Some readers may think it is a bit alarmist to get so excited about a threat which, by all reports I've seen so far, only affects Word 2000. But user surveys show that many larger companies, and especially government agencies, are still running Windows 2000 and therefore are probably still using Word 2000 as their main word processor application.

With all the excitement over new operating system releases, it is important to remember that many individuals and especially many system managers feel that Word 2000 is still an excellent platform and simply can't see investing in marginally "better" operating systems or newer versions of Microsoft Office.

One of my office computers, which is in use daily by my assistant, still runs Windows 2000, while my other main machine runs Windows XP Professional. That is by design, as I need to monitor threats on everything from Windows 98 to Vista and *nix. Therefore, I have multiple machines/removable hard drives with virtually every major OS. But, even with copies of XP Pro sitting on the shelf, we simply don't see any pressing need to upgrade that one system from Windows 2000—it does everything my assistant needs.

Miss a column?

Check out the IT Locksmith Archive, and catch up on the most recent editions of John McCormick's column.

Want to stay on top of the latest security updates? Automatically sign up for our free IT Locksmith newsletter, delivered each Tuesday!

John McCormick is a security consultant and well-known author in the field of IT, with more than 17,000 published articles. He has written the IT Locksmith column for TechRepublic for more than four years.

Editor's Picks

Free Newsletters, In your Inbox