Want CNET to notify you of price drops and the latest stories?

Unspecified Code Execution Vulnerability in Word 2000

Zero-day exploit targets Microsoft Word 2000 documents

Robert Vamosi Former Editor
As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.
Robert Vamosi

There's an unspecified new vulnerability affecting Word 2000 documents running on Windows 2000 systems. Although it's been exploited in the wild, security vendors are downplaying the threat as it is hard to execute on a victim's machine. Nonetheless, Microsoft has issued a Security Advisory for the vulnerablity which allows remote user-assisted attackers to execute arbitrary code on a compromised machine. Various security have identified the Trojans used in such attacks with names including Trojan.Mdropper.Q, Mofei, and Femo.

Additional Resources: