A security hole in Word is being used by hackers to run unauthorised software on a victim's computer.
Microsoft has confirmed that the hole exists but that it is confined to Microsoft Word 2000. It has refused to comment further or say when it will be able to fix the problem.
The critical vulnerability was first reported by Symantec. Attackers are exploiting the flaw by sending malicious Word documents to victims, the company said. When these documents are opened, Word is tricked into installing malicious software on the PC. Symantec is calling it Trojan.MDropper.
Trojan.MDropper installs malicious software on the computer, which in turn installs another Trojan horse program "which turns out to be a new variant of Backdoor.Femo," Symantec said.
Microsoft has spent a lot of time investigating and patching Office applications this year. Over the past few months there have been several reports concerning very targeted attacks, similar to this latest Office issue. Microsoft's most recent security updates have been filled with patches for Office flaws, many of which had already been used in attacks.