Microsoft has issued a Security Advisory that warns of exploits for a previously unknown (zero day) hole in various versions of Microsoft Word. According to an e-mail statement from the company"s public relations firm, Microsoft has knowledge of "limited "zero-day" attacks using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.
MS investigates Word zero-day
The company"s published advisory doesn"t have much more information than that, except to say that victims would have to open a malicious Word file with "a malformed string," that could then "corrupt system memory in such a way that an attacker could execute arbitrary code."