Microsoft Word Two Vulnerabilities( 14 May 2008 )
RISK: Medium Risk
1. Object Parsing Vulnerability
A remote code execution vulnerability exists in the way that Microsoft Office handles specially crafted Rich Text Format (.rtf) files. The vulnerability could allow remote code execution if a user opens a specially crafted .rtf file with malformed strings in Word or previews a specially crafted .rtf file with malformed strings in rich text e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
2. Word Cascading Style Sheet (CSS) Vulnerability
A remote code execution vulnerability exists in the way that Microsoft Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed CSS value. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Office 2000
- Microsoft Office XP
- Microsoft Office 2003
- 2007 Microsoft Office System
- Microsoft Word 2000
- Microsoft Word 2002
- Microsoft Word 2003
- Microsoft Word 2007
- Microsoft Outlook 2007
- Microsoft Word Viewer 2003
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Microsoft Office 2000 Service Pack 3
- Microsoft Word 2000 Service Pack 3 - Microsoft Office XP Service Pack 3
- Microsoft Word 2002 Service Pack 3 - Microsoft Office 2003 Service Pack 2
- Microsoft Word 2003 Service Pack 2 - Microsoft Office 2003 Service Pack 3
- Microsoft Word 2003 Service Pack 3 - 2007 Microsoft Office System
- Microsoft Word 2007
- Microsoft Outlook 2007 - 2007 Microsoft Office System Service Pack 1
- Microsoft Word 2007 Service Pack 1
- Microsoft Outlook 2007 Service Pack 1 - Microsoft Word Viewer 2003
- Microsoft Word Viewer 2003 Service Pack 3
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
Vulnerability Identifier
Source
Related Link
Share with