Hackers are exploiting a new, zero-day vulnerability in Microsoft Word that could allow remote code execution on the victim’s machine, says security vendor Symantec.
The zero-day vulnerability is the fourth in Microsoft’s Word that has not yet been patched. The vulnerability is caused due to an unspecified error when parsing Word documents and can be exploited to execute arbitrary code on the user’s system.
Security research company Secunia rates this vulnerability as extremely critical and says that the vulnerability is being actively exploited. However, Microsoft says that attacks are very limited.