A flaw in Microsoft Word 2000, and possibly Word 2002 as well, could be used by hackers to crash PCs or perhaps run other code on the compromised machine, a security firm said Thursday.

According to an alert from Copenhagen-based Secunia, the bug in Word stems from an input validation error within the parsing of document files, and if exploited could cause a stack-based buffer overflow that in turn leads to a denial-of-service (DoS) and a crash.

The bug has been confirmed in Word 2000, but also reported (though not confirmed) in Word 2002, the version in Office XP.

"Due to the nature of the problem, execution of arbitrary code may potentially also be possible, though it has not been proven," Secunia's alert read.

Hackers could send specially-crafted documents as attachments, or entice users to malicious Web site where bad Word docs lie in wait. Unless the security level of Internet Explorer is set to "High" or the "File download" setting has been disabled, said Secunia, users clicking on Word doc links at a Web site could be at risk.

The security firm rates the bug as "Highly Critical." A patch for the problem is not yet available from Microsoft.