A vulnerability has been found in Microsoft's word-processing application, Word.
Microsoft said in its security blog: "We are currently investigating a report of a proof-of-concept which may allow an attacker to execute code on a user's machine by convincing them to open a specially-crafted Word document.
"We are aware of limited attacks attempting to use the vulnerability reported," it continued, suggesting that code to exploit the flaw is now in the wild.
The flaw, rated as 'highly critical' by Danish security company Secunia, could allow hackers to remotely take over a user's PC. According to Secunia, the vulnerability is caused by an "unspecified error in the handling of Word documents". The company recommended that you should not open or save any untrusted Word documents.
Several versions of the popular software program are affected by the vulnerability. According to Microsoft, Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.
Microsoft recommended that "as a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources."
http://www.microsoft.com/ http://secunia.com/
Topic: Flaw found in Microsoft Word (Read 639 times)