Microsoft Word 97 / 2000 Mail Merge Code Execution Vulnerability

Microsoft Word 97 / 2000 Mail Merge Code Execution Vulnerability

Solution:
* There have been reports that the provided patches limit exploitation through dotted UNC paths only. Exploitation through files placed in a known local location may still be possible.

A Word 97 patch has been reported to be available as Microsoft KB Article Q272749.

Microsoft has released the following patches which eliminate the vulnerability:

Microsoft Word 2000

Microsoft wrdacc
http://download.microsoft.com/download/word2000/wrdacc/2000/WIN98/EN-U S/wrdacc.exe