Microsoft Word 97 / 2000 Mail Merge Code Execution Vulnerability
* There have been reports that the provided patches limit exploitation through dotted UNC paths only. Exploitation through files placed in a known local location may still be possible.
A Word 97 patch has been reported to be available as Microsoft KB Article Q272749.
Microsoft has released the following patches which eliminate the vulnerability:
Microsoft Word 2000