updated 11:50 am EST, Wed December 6, 2006
MS Word vulnerability
Microsoft has issued a security advisory for a new vulnerability in Microsoft Word that could allow remote code execution by an attacker. The Redmond-based company is investigating a new report of limited 'zero-day' attacks using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006. Users must first open a malicious Word file attached to an email or provided by an attacker by some other means before the attack can be carried out, and Microsoft suggests exercising extreme caution when opening unsolicited email attachments from both known as well as unknown sources.