Another Microsoft Word zero-day vulnerability has been discovered - the fourth in two months.The flaw can be exploited by hackers to execute arbitrary code and compromise computers using Word 2000/2003 and Windows XP, according to security experts at Symantec, who rated the problem “extremely critical”.
“An attacker could exploit this issue by enticing a victim to open a malicious Word file,” the security company said in an advisory. “If the attack is successful, the attacker may be able to execute arbitrary code in the context of the currently logged-in user.”
The software giant is yet to patch any of the vulnerabilities found over the past couple of months and is unlikely to provide a solution before the 13th February, when the company issues its monthly updates.
“There have been very limited attacks reported that are attempting to use the vulnerability at this time,” a Microsoft spokesperson said in a statement. “Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary.”