September 5, 2006 7:59 AM PDT

Word flaw hit with zero-day attack

An "extremely critical flaw" in Microsoft Word 2000 is currently being exploited by malicious attackers, which could lead to remote execution of code on a user's system, security researcher Secunia advised Tuesday.

The vulnerability affects systems running Windows 2000 and occurs when processing malicious Word 2000 documents, according to Secunia's security advisory.

Security company Symantec, which several days ago detected the exploit, Trojan MDropper.Q, noted that it uses a two-step attack.

Trojan MDropper.Q exploits the Microsoft Word vulnerability to drop another file, a new variant of Backdoor.Femo, according to a security advisory by Symantec.

"As with other recent (Microsoft) Office vulnerabilities, documents incorporating the exploit code must be opened with a vulnerable copy of Microsoft Word 2000 for it to work," Symantec's advisory stated. "As such, it makes the vulnerability unsuitable for the creation of self-replicating network worms."

Microsoft has not yet issued a patch for the vulnerability, and users are advised to forgo opening untrusted documents.

This latest exploit of an Office vulnerability follows on the heels of a similar malicious attack in June. In that particular case, users' systems would become infected when opening a malicious Excel document called "okN.xls." That malicious file contained the Trojan horse Mdropper.J, which then dropped the Booli.A program on a user's system. Booli.A would then download more malicious files to the user's PC.

See more CNET content tagged:
Microsoft Word 2000, vulnerability, flaw, Microsoft Word, Symantec Corp.


Join the conversation!
Add your comment
Word 2000?
Word 2000. Who uses that?
Posted by roger.d.miller (41 comments )
Reply Link Flag
Word 2000. Who uses that?
"Word 2000. Who uses that?"

You definately need a real job.

Only the South end of a North bound Jackass would
make such a comment.
Posted by redco (2 comments )
Link Flag
I Do
I do. At home. I have three legal copies on three machines at home. Why should I pay my own money for something newer? Please don't tell me because of this exploit vector; newer versions suffer their own vulnerabilities.

mark d.
Posted by markdoiron (1138 comments )
Link Flag
Many people
Just because there are newer versions of Microsoft Office does not mean that all companies and individuals have upgraded or even plan to. Most people do not need newer versions as Office 2000 runs well enough and has more features than most people will ever touch.
Posted by ddesy (4336 comments )
Link Flag
Hard to imagine...
This as a really big threat since:

a.) You have to be running Word2k on a Win2k box
b.) You have to open a "malicious" word document
c.) It is not really a virus, but a backdoor allowing (probably) remote access to your PC

I don't know about you guys, but I don't make it a habit of opening random word documents off the internet that reek of malicious intent. But hey, if you DO decide to open that "10 ways to increase your potency in bed" document off of limewire, or that atachment in your e-mail inbox from LonleyWife, or HotMilf, then you deserve to have your computer infected.

I know this doesn't excuse the fact that there is a security flaw, but software development is an imperfect art. Anybody who thinks otherwise has never, ever coded a single line of code and compiled it.
Posted by jwarren.carroll (84 comments )
Reply Link Flag
Not quite...
If you code a simple "Hello World" you have coded at least one line. Unless the compiler has a security problem, but it's hard to code that imperfectly.

Of course much larger programs are difficult to code perfectly, but small programs can be very close to perfect if not perfect. Because of this, I prefer smaller, specialized software with fewer features in many cases.
Posted by ddesy (4336 comments )
Link Flag
Easier than it looks
By clicking on a link in internet explorer that links to a .doc file (rather than html), word will automatically be loaded by IE to view the document. The same happens when you click on a link to a .pdf and accrobat reader pops up. The link doesn't have to visually show the type of document you are linking to, either. For instance, the "Terms of use." link you see when entering a post links to

<a class="jive-link-external" href="" target="_newWindow"></a>

See? It's not all that hard.
Posted by Seaspray0 (9714 comments )
Link Flag
Word 2000
I still use Word 2000, I have both 2003 and XP versions but have uninstalled them and kept 2000 because its faster and does everything I want.
Posted by poisond (3 comments )
Reply Link Flag
WordPerfect or OpenOffice.
I post this with a big ol' smile on my face. Not because of a Microsoft exploit or because I wan't people to switch to OpenOffice or WordPerfect. The smile is because anybody who believes the need a full blown office suite or even a powerful document editor is probably just smoking something they shouldn't be.

Sure there is a need for some to use more powerful document editors, but most people don't need it. We use WordPerfect in my office, but the truth is for most of them here Wordpad would be fine. We would probably use Word, but WordPerfect works great, does all we need, and cost less than Microsoft Office. We could use OpenOffice, but we don't.

If you own Word or WordPerfect and all you do is type then you wasted your money. Next time download OpenOffice or just use wordpad.

As far a security goes I just say keep or AV upto date and your firewall active. All software has flaws, even open source ones.
Posted by System Tyrant (1453 comments )
Reply Link Flag
this is the big mystery
This is one of the biggest mysteries of this current personal computer age. Everybody's GOTTA have Word/Office, and 99% of them use it for typing and maybe the simplest of spreadsheets. Just like they've GOTTA have the latest Intel processor and 2 gigs of RAM, running Windows. Which they use for email, web browsing, and typing. Dare to challenge their baseless assumptions about their "needs" and they'll look at you like you've lost your mind
Posted by tipper_gore (74 comments )
Link Flag
Figures, more Microgarbage
Why would anyone made a "word processor" that can "execute code"?

This is the problem. If it was a word processor, there would be no way to execute code on it. But, since the company that put it out (we all know who that is) decides in their wisdom that their word processor should actually be some kind of high level programming language (in addition to a word processor), we get problems like this. Other companies have jumped on the bandwagon too, and now you have a hard time finding a simple ordinary word processing program. Even if you did, it wouldn't be able to open the letter you just got from your mom because she used one of the bloated popular programs.
This is why the software in question will never be installed on my computer. How in the world can anyone, and I mean ANYONE, justify a WORDPROCESSOR being a security risk?
This is one of the MANY reasons why I have to HOLD MY NOSE while I'm using my PC.

I'm really hoping, before I die, to see Linux with some kind of directx emulator or something. If that happened, I'd drop MS and NEVER BUY ANOTHER ONE OF THEIR PRODUCTS EVER.

Fat Chance.
Posted by Mergatroid Mania (8395 comments )
Reply Link Flag
OK, tell me
Tell me a single mainstream word processor that doesn't support macros.
Responding to your request I can tell you a hundred reasons why a word processor might become a security risk. Users want macros. Many NEED macros. Macros require coding. If a Word Processor allows for macros but does not SPECIFICALLY TAKE STEPS TO PREVENT MACROS THAT MIGHT DO SOMETHING EVIL (and now you try to define "doing something evil" in a computer understandable way and you win a Nobel prize) then it is a vulnerability.
I thought not.
Posted by herby67 (144 comments )
Link Flag
Another day, another M$ vulnerability...
When will these people learn, the single most effective defense is never use Microsoft products.
Posted by extinctone (214 comments )
Reply Link Flag
Extremely critical????
In the computing security word it is accepted that a "Critical" flaw is one that allows for automated propagation of a threat. There's no accepted definition for "Extremely Critical" but it would definitely be something more critical than "Critical". This vulnerability doesn't allow for that. In most vulnerability assessment schemes it would only rank as "Important" or something on that order. But definitely not "Extremely Critical". Now tell me why a not critical vulnerability for an extremely old version (Word XP and Word 2003 are quite major releases for Word, and Word 2007 is due in a few months) of a Word Processor is front page news...
Posted by herby67 (144 comments )
Reply Link Flag
7 years old
Show me one program on the internet that has been out for 7 years, and doesnt have some kind of crack, hack, or has been comprimised in some way by the internet public, and ill show you a good company to invest in.

(what i'm getting at is you can't.)

Posted by dahkness (26 comments )
Link Flag
According to Dean Thomas...
Didn't you know? Word 2000 was on double secret probation. Now there's only one thing left to do.... Toga. Toga! TOGA!!!
Posted by Seaspray0 (9714 comments )
Link Flag
What to do
If you have use the affected office software, have it patched right away and get on with your life. Don't swallow the hype here at cnet where every little security flaw or exploit is celebrated like the end of the world. It's not.
Posted by thedreaming (573 comments )
Reply Link Flag
How many different people in different threads have to say to you "YOU DON'T HAVE A CLUE"

* Read a bit (not only on M$ fansites)
* Talk to normal people (end users) about their problems to learn their needs
* Talk to people from small companies to learn their needs
* Talk to people from internationals to learn their needs
* Learn C/C++ and see what it can do with little resources and compare it with the same in .NET or VB
* Test a lot (Try for instance a good linux distro, perhaps Gentoo? Or Borrow an old MAC (8 years old and still running, or something like that))

Combine the things you learned with an open mind, and then come back with a funded reply. I saw your name in countless ridiculous comments in the last weeks. I just can tell you 1 thing: you know jack **** about PC's
Posted by Gino Deblauwe (25 comments )
Reply Link Flag
This was intended for Lindy01
This was intended for Lindy01
Posted by Gino Deblauwe (25 comments )
Link Flag
We do.
We still use Office 2000. It has all the features we need. Several of our machines have Office XP, because they shipped with it installed, but there are no compelling reasons for us to upgrade all of our machines to it. MS has extended support for Office 2000 until 2009.
Posted by totorototoro (69 comments )
Reply Link Flag
Most users use word because of the format
Truth is that the word .doc format is pretty much an unwritten
(or a formal) standard. If you want anyone to be able to read
your document, then it has to be a .doc.
you could write it as a .pdf feature, if you had that capability (I
have it on my mac, but I dont know about PC users who dont
use MS Office). Thats pretty universal too.
If all office suites could gurantee formatting on all machines with
all word processors, then Word would loose its monopoly. Its
true that most of the features are irrelevent to most of the users
and many are getting fed up of paying for bells and whistles that
they neither want nor need. Not to mention the fact that the
application grows every time an upgrade is done.
I have Neo Office and MS Office. I try to use Neo Office whenever
possible, but sometimes, I need to have gurantees about
formatting so I use MS Office. With the rise of the open
document format, I think that my copy of MS Office will be
retiring and I will be freeing up a large chunk of disk space!
Posted by yikes31 (71 comments )
Reply Link Flag
"standard" XML?
XML itself has no app-level semantics, unlike HTML. The only way you could accuse Word of using non-standard XML is if it couldn't be structurally parsed by an XML parser, which is not the case.
Posted by starmonkey1 (5 comments )
Reply Link Flag
To further a similar post...
I wonder if we could put:
&lt;firstname&gt;: Microsoft
&lt;lastname&gt;: Word

On this website --&gt;

<a class="jive-link-external" href="" target="_newWindow"></a>
Posted by morkster (7 comments )
Reply Link Flag
More OLD "news" from CNET
Just more old cut and paste "news" from the
<a class="jive-link-external" href="" target="_newWindow"></a>
"editors" at CNUT.
Posted by (156 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.