Security firm Secunia noted that the vulnerability is caused due to an unspecified error when handling strings and can be exploited to cause a memory corruption and that warned that successful exploitation allows execution of arbitary code, resulted in a compromised user system. "As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources. Microsoft has added detection to the Windows Live OneCare safety scanner for up-to-date removal of malicious software that attempts to exploit this vulnerability," Microsoft said in its security advisory. The company said it would provide free tech support to customers who believe they are affected by the zero-day attacks, noting that there is no charge for support calls that are associated with security updates. A zero-day attack is one that exposes software bugs before they have been patched. Although the world's largest software company said it is developing a security update for Office that addresses this vulnerability, it provided no time frame and could only tell users not to open files from untrusted sources.