Microsoft warns about flaw in Word 2002
Along with the security updates for its monthly Patch Tuesday, Microsoft has published a security advisory concerning a critical hole in Office Word 2002 Service Pack 3. The security advisory from Redmond states that attackers could use manipulated Word documents to get control of a Windows PC. The victim only has to open a .doc file sent as an attachment to an email to be infected. Microsoft did not provide any further details. At the moment, the flaw is apparently only being used for targeted attacks, which generally means that the victims are politicians and industrial/economic leaders. But it is always possible that private citizens will soon also come under attack. Microsoft Office Word 2000, 2003 – SP2 and SP3, 2007 – SP1 and Office Word Viewer 2003 – with and without SP3, are not affected, nor are Office for Mac 2004 and 2008.
Though no patch has been released, Redmond says it is working on one and plans to have this finished next Patch Tuesday or possibly even sooner, depending on the urgency. At the moment, two other critical holes are still open: a flaw in an ActiveX control in Office and a flaw related to the handling of domain boundaries in Internet Explorer. Yesterday, Microsoft only remedied flaws categorised as critical.
* Vulnerability in Microsoft Word Could Allow Remote Code Execution, error report from Microsoft