Microsoft Word users are vulnerable to an attack that could allow hackers to gain remote access to their computer.
Organisations using Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007, and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1, could be affected by the vulnerability.
An attacker could gain control by posting a specially crafted Word file on a website.
"Current attacks require customers to take multiple steps in order to be successful we believe the risk to be limited," said Microsoft.
The software supplier said it would provide a security update either through its monthly release process or through an out-of-cycle security update once it had completed its investigation into the attack.
The flaw exploits a vulnerability in Jet Database Engine used by a number of products including Microsoft Access.
Microsoft is investigating whether other programs may also be exploited in this type of attack.