Microsoft Corp. (NASDAQ: MSFT), the worldâ€™s largest software maker, said that it is investigating a vulnerability in its Microsoft Word 2000 word processor that may allow remote users with malicious intent to take control of a userâ€™s computer.
The Redmond-Wash.-based firm issued a security advisory on Friday stating that it is working on a solution for the problem which may include an online software security update. The company said that the vulnerability can be exploited through a specially made Word documents that compromise a users computer, allowing an attacker to run software on the host.
In order for the attack to be carried out, a user must first open the Word file attached to an email or a word file provided to the user in another way. When opened, the file will corrupt the system memory, overflowing the boundaries typically allocated for a program, Microsoft said.
The resulting overflow could cause other programs to crash, or in the worst case, could allow malicious code to allocate memory.
Users are advised not open attachments from unreliable sources. In addition, Microsoft said that it added detection to the Windows Live OneCare Saftey scanner, that can remove malicious software that attempts to exploit this vulnerability.
The company said the exploit is confined only to its Word 2000 product for Windows based PCs. Other versions of Word, including those for Apple's Mac computers are not affected.
More on the web:
Microsoft Security Advisory (932114)