A new, yet-to-be-patched security hole in Word is being used in targeted cyberattacks, Microsoft has warned.
When a user opens a rigged Word file, it may corrupt system memory in such a way that an attacker could gain complete control over the PC, Microsoft said in a security advisory posted late Wednesday. Office 2000 and Office XP are at risk, the company said. The two recent versions, Office 2003 and 2007, are not affected.
As with most of the Office vulnerabilities, an attacker would have to trick a user into opening a malicious file to be successful. The vulnerability is being exploited in “very limited, targeted attacks,” Microsoft said. A security update to repair the problem is in the works, it added.