Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately
Security Update Replacement: None
This Security Bulletin covers multiple CVE items as indicated below:
CVE-2006-1316 ? Microsoft Office
It appears that all of the Microsoft Office 2000, 2002, 2003 programs are affected. Not affected is Works applications.
This is another remote code execution problem and appears to impact Office 2000 applications the worse lending to a critical assessment. The other versions of Office identified as vulnerable are listed as important for all three of the CVE?s.
From Microsoft Bulletin
A remote code execution vulnerability exists in Office, and could be exploited when a malformed string included in an Office file was parsed by any of the affected Office applications. Such a string might be included in an email attachment processed by one of the affected applications or hosted on a malicious web site. Viewing or previewing a malformed email message in an affected version of Outlook could not lead to exploitation of this vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Office file that could allow remote code execution.
In all three cases the only tested work around is NOT to open attachments from untrusted sources. I guess that means to apply the patch ASAP.
Jul 11th 2006
1 decade ago