Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)

Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately
Security Update Replacement: None

This Security Bulletin covers multiple CVE items as indicated below:

CVE-2006-1316 - Microsoft Office Parsing Vulnerability

It appears that all of the Microsoft Office 2000, 2002, 2003 programs are affected. Works applications are not affected.

Summary

This is another remote code execution problem. It appears to affect Office 2000 applications the worst, leading to a Critical rating there. The other versions of Office identified as vulnerable are rated Important for all three of the CVEs.

From the Microsoft bulletin:

A remote code execution vulnerability exists in Office, and could be exploited
when a malformed string included in an Office file was parsed by any of the
affected Office applications. Such a string might be included in an email
attachment processed by one of the affected applications or hosted on a
malicious web site. Viewing or previewing a malformed email message in an
affected version of Outlook could not lead to exploitation of this
vulnerability. An attacker could exploit the vulnerability by
constructing a specially crafted Office file that could allow remote code execution.

In all three cases the only tested workaround is NOT to open attachments from untrusted sources. I guess that means to apply the patch ASAP.
Deborah, ISC Handler
Jul 11th 2006