Last week we posted on a new vulnerability in Word. Today, the Microsoft Security Response Center reported on yet another Word vulnerability.



The new vulnerability affects Word 2000, 2002, 2003, and Word Viewer 2003 but not Word 2007. The vulnerability allows a malicious person to automatically execute code on the target machine when a DOC file is opened, so it's very similar to most of the other Word vulnerabilities we've seen during 2006. As it is actively being exploited, although the distribution so far is very limited, and there is no patch available we can only continue to use the same workaround as previously recommended – not to open or save any DOC files from untrusted sources or files that you have unexpectedly received from sources you trust.