December 11, 2006 8:21 AM PST

Second zero-day flaw found in Word

By Dawn Kawamoto
Staff Writer, CNET News

Related Stories: No fix yet for zero-day flaw in Word
December 7, 2006; Word hole exploited in zero-day attacks
December 5, 2006

A second security vulnerability has been discovered in Microsoft Word in less than a week.

The zero-day flaw, which is could let an attacker gain remote access to a person's system, affects Word 2000, Word 2002, Word 2003 and Word Viewer 2003, according to a Microsoft security advisory posted Sunday night. Word 2007 is not affected, Microsoft said.

"From the initial reports and investigation, we can confirm that the vulnerability is being exploited on a very, very limited and targeted basis," Microsoft stated in its advisory.

Nonetheless, security provider Secunia said Monday that it is rating this latest Word security flaw as "extremely critical" because it is unpatched and because malicious attackers are currently exploiting the vulnerability.

In this case, attackers are taking advantage of a flaw that arises when an unspecified error occurs when processing a Word document, Secunia said in its advisory.

Microsoft noted that the vulnerability is different from the security flaw discovered in Word last week, which also is a zero-day problem. In order to activate that flaw, a person would need to open a malicious Word file that was hosted on a Web site or an attachment that arrives via e-mail.

The software giant is not expected to have patches available for the flaws when it issues its monthly round of security updates Tuesday.

See more CNET content tagged:
flaw, Microsoft Word, attacker, vulnerability, security

Join the conversation

Inside CNET News

1-2 of 12

Scroll Left Scroll Right

Spray-on antenna: Wireless in a can
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.

Crave
Samsung Galaxy Note (AT&T)
Gallery
iPad 3 debut once again rumored for March
Whether Apple will release a new iPad next month doesn't seem to be the question as much as what day it will happen. A new rumor has it down to the day.

Apple Talk
Police visit Facebook dad who shot daughter's laptop
Tommy Jordan, the man who shot his daughter's laptop for YouTube, gets a visit from police and child protection services. Oh, and Good Morning America.

Technically Incorrect
Tips for keeping your browsing private
Video
The Pirate Bay avoids walking the plank, for now
Digital scurvy is driving torrents off The Pirate Bay, but that doesn't mean the site is sinking to Davy Jones' Locker--yet.

Digital Media
Ethical manufacturing petition delivered to San Francisco Apple Store
Video
DOJ clears Apple-Microsoft-RIM deal to buy Nortel patents
Along with green-lighting Google's buy of Motorola, the Justice Department today OKs an Apple-Microsoft-RIM partnership deal to buy Nortel patents, and Apple's plan to acquire Novell patents.

Politics and Law
Engineered carbon gives batteries, ultracaps a boost
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.

Cutting Edge
Video game Spacewar reborn at 50 (photos)
Gallery
Sony spending $50 million on PS Vita marketing
"Never Stop Playing" campaign for upcoming portable marks Sony's largest platform launch marketing spend, with ads to reach YouTube, Facebook, TV, and billboards in major cities.

Crave
Mushroom kit has roots in used coffee grounds (video)
As UC Berkeley students, the co-founders of "Back to the Roots" discovered they could grow mushrooms using recycled coffee grounds. Now their mushroom kit sells at grocery stores across the country.

Cutting Edge