12:50 pm, 16 Apr 09
security bugs
http://seclists.org/fulldisclosure/2009/Apr/0129.html:
VIII. DISCLOSURE TIMELINEThat's a loooong time to sit on a bug.
06/28/2006 - Initial Contact
06/29/2006 - PoC Requested
06/29/2006 - PoC Sent
10/05/2006 - Vendor Status Update
01/24/2007 - Vendor Status Update
02/12/2008 - Vendor Status Update
03/31/2009 - CVE Assigned
04/14/2009 - Coordinated Public Disclosure
Then again, http://support.microsoft.com/gp/lifeoffice says "Office 2000 extended support period will last from July 1, 2004 through July 14, 2009" and according to http://support.microsoft.com/gp/lifepolicy extended support implies security updates.
(WPFT632.CNV, with file version 1998.1.27.0) in Microsoft Word 2000
Service Pack 3 is vulnerable." — the bug is over
teneleven years old :-(