Microsoft warns on Word vulnerability

Microsoft has said it is looking into reports that Word 2002 Service Pack 3 has a flaw which could let attackers in.

The software maker said it is aware of "limited, targeted attacks" which have seen remote code be executed in the software when the attacker's .doc file is opened. Microsoft stressed that to be hit by the problem, users would have to not only open the attacker's email or web link, but download and open the attachment as well.

It said that Word 2002 SP3 is the only vulnerable program from the Word line-up, but users could also see Word 2000 unexpectedly exit if a hacked .doc file is opened.

For more details, view the advisory here.

As the issue is still being investigated, no fix has yet been issued. Yesterday, Microsoft issued a similar warning for ActiveX in some versions of Access.