With a week to go before Microsoft releases its next batch of security patches, vulnerability watchers are warning of a new zero-day Word flaw that attackers could exploit to take control of Windows 2000 machines.

The threat was first reported Saturday by Cupertino, Calif.-based antivirus giant Symantec Corp. in an email advisory to customers of its DeepSight Threat Management Service.

According to Symantec's analysis, Microsoft Word is prone to an unspecified remote code-execution vulnerability attackers could exploit to execute arbitrary code on a vulnerable computer by supplying a malicious Word document to a user. If a recipient opens such a document, an attacker could "gain subsequent unauthorized access to the computer in the context of the user."
Source