Tuesday, January 1, 2008

Microsoft Word 2000 Unspecified Code Execution Vulnerability

What can you do about it, nothing until Microsoft issues a patch but you should be aware of it. Here is the overview from SecurityFocus:

Microsoft Word 2000 is prone to an unspecified remote code-execution vulnerability.

Microsoft Word 2000 is confirmed vulnerable to an unspecified remote code-execution issue. Exploit attempts against Word 2003/XP will consume all CPU resources and will cause a denial of service for legitimate users.

Note that this issue is distinct from issues described in BID 21589 (Microsoft Word Code Execution Vulnerability), BID 21451 (Microsoft Word Unspecified Remote Code Execution Vulnerability), and BID 21518 (Microsoft Word Unspecified Code Execution Vulnerability).

The only preventative measure being offered currently is this one by Symantec.

To protect yourself against these threats, do not trust unsolicited files or documents about “interesting” topics. Do not open attachments unless they are expected and come from a known and trusted source.