There's an unspecified new vulnerability affecting Word 2000 documents running on Windows 2000 systems. Although it's been exploited in the wild, security vendors are downplaying the threat as it is hard to execute on a victim's machine. Nonetheless, Microsoft has issued a Security Advisory for the vulnerablity which allows remote user-assisted attackers to execute arbitrary code on a compromised machine. Various security have identified the Trojans used in such attacks with names including Trojan.Mdropper.Q, Mofei, and Femo.
- Microsoft info: Security Advisory
- NIST.gov: CVE-2006-4534
- FrSIRT: ADV-2006-3448
- News.com: Word flaw hit with zero-day attack
- Secunia advisory #: 21735