Security flaw hits Microsoft Word

Another security vulnerability has hit Microsoft Word just days after the company patched several of its Office applications.

According to a security advisory posted on the company's website, the flaw could allow hackers to execute code remotely if a user opens a malicious Office file attached to an email or on a website.

The flaw affects Office 2000 and Office XP and when a user opens a specially crafted Word file using a malformed string, the file could corrupt system memory in such a way that an attacker could execute arbitrary code. The vulnerability does not affect Office 2007, Office 2003 or Word 2003 Viewer.

"In a web-based attack scenario, an attacker would have to host a website that contains a Word file that is used to attempt to exploit this vulnerability," the company said in a statement. "Compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability."

The company added detection of the flaw to its Windows Live OneCare scanner, itself recently patched against a security flaw. It urged customers to exercise extreme caution when they accept file transfers from both known and unknown sources.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.