Attackers hitting yet another Word flaw

Another previously undocumented, yet-to-be-patched security vulnerability in Microsoft Word is actively being exploited in cyber attacks.

The vulnerability is the fourth zero-day vulnerability to arise in the Microsoft application in two months. Microsoft hasn't provided patches for any of the flaws, despite acknowledging the holes are being used in attacks on its customers.

A Microsoft representative said in a statement about the latest problem: "There have been very limited attacks reported that are attempting to use the reported vulnerability at this time." Redmond is investigating this latest report and may issue a patch, if needed, the representative said.

The newest problem allows an attacker to hijack systems running Word 2000 and causes a crash of Word 2003 and Word XP, Symantec said in an alert. "An attacker could exploit this issue by enticing a victim to open a malicious Word file," it said.

Security experts have said the limited-scale attacks are the most dangerous. Widespread worms, viruses or Trojan horses sent to millions of mailboxes are typically not a grave concern because they can be blocked. Instead, especially for businesses, targeted Trojan horses have become nightmares, as they can fly under the radar.

Symantec advises people to make sure their security software is up-to-date and urges caution when opening Word documents. Businesses should put policies in place to prevent Word documents from being distributed to users, Symantec said.

Joris Evers writes for CNET News.com