MS Investigation on Vulnerability in MS word which could allow Remote Code Execution.

Here is a security advisory on MS word. Microsoft says it is still investigating the issue. Please check the alert and report in case you feel you have been attacked.

Microsoft is investigating new public reports of a possible vulnerability in Microsoft Office Word 2002 Service Pack 3. Our initial investigation indicates that customers who use all other supported versions of Microsoft Office Word, Microsoft Office Word Viewer, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, and Microsoft Office for Mac are not affected.

At this time, Microsoft is aware of limited, targeted attacks that attempt to use this vulnerability. While Microsoft Office Word 2000 does not appear vulnerable to this issue, Word 2000 may unexpectedly exit when opening a specially crafted .doc file that the attacker is using in an attempt to exploit the vulnerability.

Purpose of Advisory : To provide customers with initial notification of the publicly disclosed vulnerability. For more information see the “Workarounds” and “Suggested Actions” sections of the security advisory.

Advisory Status : The issue is currently under investigation.

Recommendation : Do not open or save Microsoft Office files that you receive from untrusted sources or that are received unexpectedly from trusted sources.

Affected Software : Microsoft Office Word 2002 Service Pack 3.

Customers who believe that they have been attacked can obtain security support at http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country. Customers in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-PCSAFETY. Additionally, customers in the United States should contact their local FBI office or report their situation at www.ic3.gov.

http://www.microsoft.com/technet/security/advisory/953635.mspx

Cheers

Romanus