[Microsoft Alert] Microsoft Security Bulletin MS06-038
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)
Issued: July 11, 2006
Version: 1.0
Summary
Who should read this document: Customers who use Microsoft Office
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately
Security Update Replacement: None
Vulnerability Details:
A remote code execution vulnerability exists in Office, and could be exploited when a malformed string included in an Office file was parsed by any of the affected Office applications. Such a string might be included in an email attachment processed by one of the affected applications or hosted on a malicious web site. Viewing or previewing a malformed email message in an affected version of Outlook could not lead to exploitation of this vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Office file that could allow remote code execution.
Affected Software:
Microsoft Office 2003 Service Pack 1 or Service Pack 2
Microsoft Office XP Service Pack 3
Microsoft Office 2000 Service Pack 3
Microsoft Project 2002 Service Pack
