Microsoft Word Unspecified Code Execution Vulnerability


Micron
22-05-2006, 01:41 AM
Affects Software:

Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office XP
Microsoft Word 2002
Microsoft Word 2003

Description:

A vulnerability has been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error. This can be exploited to execute arbitrary code.

NOTE: This vulnerability is being actively exploited.

The vulnerability has been reported in Microsoft Word 2002 and Microsoft Word 2003.

Solution:

Do not open untrusted Office documents.

Provided and/or discovered by:

This vulnerability has been discovered in the wild as a "Zero-day" while investigating a system compromise.

Other References:

SANS: http://isc.sans.org/diary.php?storyid=1345

xpgeek
23-05-2006, 08:25 AM
Microsoft Security Advisory (919637) (http://www.microsoft.com/technet/security/advisory/919637.mspx)
Vulnerability in Word Could Allow Remote Code Execution

Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Word XP and Microsoft Word 2003. In order for this attack to be carried out, a user must first open a malicious Word document attached to an e-mail or otherwise provided to them by an attacker. Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary.

Microsoft is completing development of a security update for Microsoft Word that addresses this vulnerability. The security update is now being finalized through testing to ensure quality and application compatibility and is on schedule to be released as part of the June security updates on June 13, 2006, or sooner as warranted.