Want CNET to notify you of price drops and the latest stories?
X
WWDC: Everything We ExpectRemote Working in ParadiseBest Mineral SunscreensBest Solar CompaniesCNET CouponsMeal Subscription vs. TakeoutBest Satellite Internet ProvidersCurrent Mortgage Rates
Unspecified Code Execution Vulnerability in Word 2000
Zero-day exploit targets Microsoft Word 2000 documents
Robert Vamosi Former Editor
As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.
There's an unspecified new vulnerability affecting Word 2000 documents running on Windows 2000 systems. Although it's been exploited in the wild, security vendors are downplaying the threat as it is hard to execute on a victim's machine. Nonetheless, Microsoft has issued a Security Advisory for the vulnerablity which allows remote user-assisted attackers to execute arbitrary code on a compromised machine. Various security have identified the Trojans used in such attacks with names including Trojan.Mdropper.Q, Mofei, and Femo.
Additional Resources:
- Microsoft info: Security Advisory
- NIST.gov: CVE-2006-4534
- FrSIRT: ADV-2006-3448
- News.com: Word flaw hit with zero-day attack
- Secunia advisory #: 21735