Microsoft warns that an unpatched Word vulnerability has become the subject of targeted attacks.According to Microsoft’s testing, it only affects Microsoft Office Word 2002 Service Pack 3. Using the vulnerability a hacker can inject hostile code onto vulnerable system.
Redmond has published workarounds as a stop-gap measure while its researchers investigate the flaw in greater depth. The vulnerability has appeared in a number of samples on malware.
The timing of the arrival of the exploit means Microsoft had insufficient time to respond before its regular Patch Tuesday update, a factor that’s unlikely to be a coincidence. The ins and out of the flaw are still under investigation and will probably be withheld until a fix is unavailable. It’s also unclear who the attack is targeting, though historically unpatched Word exploits are a particular favorite of Chinese hackers.
For more details and workarounds visit Microsoft Security Advisory (953635)