Unspecified Code Execution Vulnerability in Word 2000

Zero-day exploit targets Microsoft Word 2000 documents

There's an unspecified new vulnerability affecting Word 2000 documents running on Windows 2000 systems. Although it's been exploited in the wild, security vendors are downplaying the threat as it is hard to execute on a victim's machine. Nonetheless, Microsoft has issued a Security Advisory for the vulnerablity which allows remote user-assisted attackers to execute arbitrary code on a compromised machine. Various security have identified the Trojans used in such attacks with names including Trojan.Mdropper.Q, Mofei, and Femo.

Additional Resources:

Featured Video