Severity: High
13 May, 2008
Summary:
- These vulnerabilities affect: Many current versions of Microsoft Office for Windows and Mac (also affects Word Viewer and Office Compatibility Pack)
- How an attacker exploits them: By enticing you to open maliciously crafted Office documents
- Impact: An attacker can execute code, potentially gaining complete control of your computer
- What to do: Install the appropriate Office patches immediately
Exposure:
Today, Microsoft released two security bulletins describing three vulnerabilities found in components or programs that ship with Microsoft Office for Windows (and in one case, Office for Mac). Some of the vulnerabilities also affect Microsoft Word Viewer and the Office Compatibility Pack. Each vulnerability affects different versions of Office to a different extent. The three flaws affect different components and applications within Office, but the end result is always the same: By enticing one of your users into downloading and opening a maliciously crafted Office document, an attacker can exploit any of these vulnerabilities to execute code on a victim’s computer, usually inheriting that user’s level of privileges and permissions. If your user has local administrative privileges, the attacker gains full control of the user’s machine.