Overview

What is Microsoft Word 2000 Mail Merge Vulnerability Patch?

eliminates a security vulnerability which could allow a malicious user to run arbitrary code on a victim's computer without their approval.

In depth

A closer look at Microsoft Word 2000 Mail Merge Vulnerability Patch

If a Microsoft Access database is specified as a data source via DDE (Dynamic Data Exchange) in a Microsoft Word mail-merge document, macro code can run without the user’s approval when the user opens that document.

If a user can be enticed into opening a specially-constructed mail-merge Word document, which was provided either as an e-mail attachment or as a link hosted on a hostile Web site, it would be possible to cause arbitrary code to run on the user’s machine.

For such an attack to succeed, the victim would also need to possess the ability to reach the Access database via a UNC (Universal Naming Convention) share or file protocol.

If the user is behind a firewall and the best security practices have been followed, the ports required to access the database would be blocked.

Verdict

Should you download Microsoft Word 2000 Mail Merge Vulnerability Patch?

Microsoft Word 2000 Mail Merge Vulnerability Patch runs on Windows 98/Me/NT/2000 and is available under the Freeware license — the installer is 3 MB. We’ve catalogued it under Word Add-Ons.

Verified clean. Every Microsoft Word 2000 Mail Merge Vulnerability Patch build on SoftLookup is scanned for viruses, spyware, adware, trojans and backdoors. We re-test on every update.