Cyber Alert
Cyber Alert: Microsoft Word Vulnerability
By U.S. CERT
Sep 7, 2006, 21:16

Microsoft Word Vulnerability

Original release date: September 7, 2006
Last revised: --
Source: US-CERT

Systems Affected

• Microsoft Word 2000

Other versions of Word and other Microsoft Office programs may also be affected.

Overview

A vulnerability in Microsoft Word 2000 could allow an attacker to gain control of your computer.

Solution

Do not open untrusted documents

Microsoft has not yet released an update to address this vulnerability. Do not open unfamiliar or unexpected Word or other Office documents, including those received as email attachments or hosted on a web site. For more information, please see Using Caution with Email Attachments.

Description

An attacker could exploit a vulnerability in Microsoft Word 2000 by convincing a user to open a specially crafted Word document. A Word document could be attached to an email message, hosted on a web site, or included in another Office document. This vulnerability may affect other versions of Word and other Microsoft Office programs.

For more technical information, see Vulnerability Note VU#806548 and Microsoft Security Advisory (925059).

References

• Vulnerability Note VU#806548 - <http://www.kb.cert.org/vuls/id/806548>
• Using Caution with Email Attachments - <http://www.us-cert.gov/cas/tips/ST04-010.html>
• Microsoft Security Advisory (925059) - <http://www.microsoft.com/technet/security/advisory/925059.mspx>
• Microsoft Security Essentials - <http://www.microsoft.com/protect/>