Unspecified Code Execution Vulnerability in Word 2000

Zero-day exploit targets Microsoft Word 2000 documents

January 12, 2006 10:40 AM PST

There's an unspecified new vulnerability affecting Word 2000 documents running on Windows 2000 systems. Although it's been exploited in the wild, security vendors are downplaying the threat as it is hard to execute on a victim's machine. Nonetheless, Microsoft has issued a Security Advisory for the vulnerablity which allows remote user-assisted attackers to execute arbitrary code on a compromised machine. Various security have identified the Trojans used in such attacks with names including Trojan.Mdropper.Q, Mofei, and Femo.

Additional Resources:

Microsoft info: Security Advisory
NIST.gov: CVE-2006-4534
FrSIRT: ADV-2006-3448
News.com: Word flaw hit with zero-day attack
Secunia advisory #: 21735

CNET Update

Google talks back in new voice search

Desktop users can have a conversation with Google search (sort of), the Kwikset Kevo locks doors with a finger tap, and Twitter adds a new twist for marketers.

Play Video