The zero-day flaw, which is could let an attacker gain remote access to a person's system, affects Word 2000, Word 2002, Word 2003 and Word Viewer 2003, according to a Microsoft security advisory posted Sunday night. Word 2007 is not affected, Microsoft said.

"From the initial reports and investigation, we can confirm that the vulnerability is being exploited on a very, very limited and targeted basis," Microsoft stated in its advisory.

Nonetheless, security provider Secunia said Monday that it is rating this latest Word security flaw as "extremely critical" because it is unpatched and because malicious attackers are currently exploiting the vulnerability.

C/Net News