Only hours after Microsoft fixed a handful of vulnerabilities in several of its programs, Symantec warned of active attacks targeting a zero-day flaw in Word. The software giant today echoed those warnings, confirming that the flaw – which is restricted to Microsoft Office Word 2002 Service Pack 3 – creates a mechanism for hackers to inject hostile code onto vulnerable systems.
The company nonetheless downplayed the threat saying they are “aware only of limited, targeted attacks that attempt to use this vulnerability” and suggested a couple of workarounds while they investigate the problem. The zero-day is the second one acknowledged by Microsoft this week. On Monday, the company issued an advisory warning of active exploits on a zero-day flaw in the Snapshot Viewer ActiveX control for Microsoft Access.