Microsoft has released Security Advisory 929433 – Vulnerability in Microsoft Word Could Allow Remote Code Execution - on 05 Dec 2006.
Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.
In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker.
Review Microsoft Security Advisory 929433 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQ) and links to additional resources.
Customers who believe they have been attacked should contact their local FBI office or report their situation to www.ic3.gov. Customers outside the U.S. should contact the national law enforcement agency in their country.
Customers who believe they are affected can contact Product Support Services. Contact Product Support Services in North America for help with security update issues or viruses at no charge using the PC Safety line (1-866-PC-SAFETY) and international customers by using any method found at this location: http://support.microsoft.com/security.