Chaouki Bekrar

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista versions SP1 through SP2 Microsoft Windows Server 2008 versions Gold through SP2 Microsoft Office version XP SP3 **Description** The issue is related to an integer overflow in gdiplus.dll, which is part of GDI+ in Microsoft Windows and Office. This allows remote attackers to execute arbitrary code via a crafted EMF image. The vulnerability could be exploited if a user opens a specially crafted EMF image file, potentially allowing an attacker to take complete control of an affected system. This could enable the attacker to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system might be less impacted than those operating with administrative user rights. **Recommendations** For Microsoft Windows XP versions SP2 through SP3, apply the recommended patch to fix the integer overflow vulnerability in gdiplus.dll. For Microsoft Windows Server 2003 version SP2, apply the recommended patch to fix the integer overflow vulnerability in gdiplus.dll. For Microsoft Windows Vista versions SP1 through SP2, apply the recommended patch to fix the integer overflow vulnerability in gdiplus.dll. For Microsoft Windows Server 2008 versions Gold through SP2, apply the recommended patch to fix the integer overflow vulnerability in gdiplus.dll. For Microsoft Office version XP SP3, apply the recommended patch to fix the integer overflow vulnerability in gdiplus.dll.

**Name of the Vulnerable Software and Affected Versions** Microsoft Publisher versions 2002 SP3 through 2010 **Description** A remote code execution issue exists in the way Microsoft Publisher parses Publisher files, allowing attackers to execute arbitrary code via a crafted Publisher file that uses an old file format. An attacker could exploit this by creating a specially crafted Publisher file, which could be included as an e-mail attachment or hosted on a specially crafted or compromised Web site, and then convincing the user to open the file. If a user were logged on with administrative user rights, an attacker who successfully exploited this could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Publisher versions 2002 SP3 through 2010, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Publisher versions 2002 SP3 through 2007 SP2 **Description** The issue arises from the improper handling of an unspecified size field in certain older file formats by the pubconv.dll in Microsoft Publisher. This can lead to heap memory corruption, allowing remote attackers to execute arbitrary code or cause a denial of service. A remote code execution vulnerability exists in the way Microsoft Publisher parses Publisher files, which could be exploited by an attacker creating a specially crafted Publisher file. If successfully exploited, an attacker could take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights, especially if the user has administrative rights. **Recommendations** For Microsoft Publisher 2002 SP3, update to a newer version to mitigate the risk. For Microsoft Publisher 2003 SP3, update to a newer version to mitigate the risk. For Microsoft Publisher 2007 SP2, update to a newer version to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Microsoft Publisher 2002 SP3 **Description** The issue allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format. A remote code execution vulnerability exists in the way that Microsoft Publisher opens Publisher files. An attacker could exploit the vulnerability by creating a specially crafted Publisher file that could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site, and then convincing the user to open the specially crafted Publisher file. If a user were logged on with administrative user rights, an attacker who successfully exploited this issue could take complete control of an affected system. **Recommendations** For Microsoft Publisher 2002 SP3, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Word versions 2002 SP3 Microsoft Office for Mac version 2004 **Description** A remote code execution issue exists in the way Microsoft Word handles index values inside a specially crafted Word file. This could allow an attacker to take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system may be less impacted than those operating with administrative user rights. **Recommendations** For Microsoft Word 2002 SP3, update to a version that is not affected by this issue. For Microsoft Office for Mac 2004, update to a version that is not affected by this issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Word versions 2002 SP3 Microsoft Office for Mac version 2004 **Description** A remote code execution issue exists in the way Microsoft Word handles bookmarks when parsing a specially crafted Word file. This could allow an attacker to execute arbitrary code, potentially taking complete control of an affected system. The attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights. **Recommendations** For Microsoft Word 2002 SP3, update to a version that is not affected by this issue. For Microsoft Office for Mac 2004, update to a version that is not affected by this issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Word version 2002 SP3 **Description** A double free vulnerability in Microsoft Word allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records. This issue exists in the way that Microsoft Word handles pointers when parsing a specially crafted Word file, which could allow an attacker to take complete control of an affected system. The attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than users who operate with administrative user rights. **Recommendations** For Microsoft Word 2002 SP3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Word version 2002 SP3 **Description** A remote code execution issue exists in the way Microsoft Word handles malformed records inside a specially crafted Word file. This could allow an attacker to execute arbitrary code and take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. The impact may be less severe for users with limited user rights compared to those operating with administrative rights. **Recommendations** For Microsoft Word 2002 SP3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Word version 2002 SP3 **Description** A remote code execution issue exists in the way Microsoft Word handles indexes when parsing a specially crafted Word file, allowing attackers to execute arbitrary code via a crafted Word document that triggers memory corruption. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights. **Recommendations** For Microsoft Word 2002 SP3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Word versions 2002 SP3 Microsoft Office versions 2004 for Mac **Description** The issue allows remote attackers to execute arbitrary code via a crafted Word document, triggering memory corruption. A remote code execution vulnerability exists in the way that Microsoft Word parses a specially crafted Word file. An attacker who successfully exploited this issue could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than users who operate with administrative user rights. **Recommendations** For Microsoft Word version 2002 SP3, update to a version that is not affected by this issue. For Microsoft Office version 2004 for Mac, update to a version that is not affected by this issue. As a temporary workaround, consider avoiding the use of crafted Word documents that could trigger memory corruption until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions prior to the fixed version Office 2004 and 2008 for Mac versions prior to the fixed version Open XML File Format Converter for Mac versions prior to the fixed version **Description** A remote code execution issue exists due to improper validation of record information in Microsoft Excel, allowing attackers to execute arbitrary code via a crafted Excel document. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Excel, update to a version that includes the fix for this issue. For Office 2004 and 2008 for Mac, update to a version that includes the fix for this issue. For Open XML File Format Converter for Mac, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of crafted Excel files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions 2002 SP3 through 2003 SP3 Office versions 2004 through 2008 for Mac Open XML File Format Converter for Mac (affected versions not specified) **Description** A remote code execution issue exists due to improper validation of record information in Microsoft Excel, allowing attackers to execute arbitrary code via a crafted Excel document. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Excel versions 2002 SP3 through 2003 SP3, update to a version that properly validates record information to prevent exploitation. For Office versions 2004 through 2008 for Mac, apply the necessary patches or updates to handle specially crafted Excel files securely. For Open XML File Format Converter for Mac, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions 2002 SP3 through 2003 SP3 Office 2004 for Mac **Description** A remote code execution issue exists due to improper validation of binary file-format information in Microsoft Excel, allowing attackers to execute arbitrary code via a crafted Excel document. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Excel versions 2002 SP3 through 2003 SP3, update to a newer version to mitigate the risk. For Office 2004 for Mac, update to a newer version to mitigate the risk. As a temporary workaround, consider avoiding the use of specially crafted Excel files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel version 2002 SP3 **Description** A remote code execution issue exists due to improper validation of record information in Microsoft Excel, allowing attackers to execute arbitrary code via a crafted Excel document. This could enable an attacker to take complete control of an affected system, potentially leading to the installation of programs, viewing, changing, or deleting data, or creating new accounts with full user rights. **Recommendations** For Microsoft Excel 2002 SP3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions prior to the fixed version Office 2004 and 2008 for Mac versions prior to the fixed version Open XML File Format Converter for Mac versions prior to the fixed version **Description** A remote code execution issue exists in the way Microsoft Excel handles specially crafted Excel files. This allows remote attackers to execute arbitrary code via a crafted Excel document. An attacker who successfully exploits this issue could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Excel, update to a version that includes the fix for this issue. For Office 2004 and 2008 for Mac, update to a version that includes the fix for this issue. For Open XML File Format Converter for Mac, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of specially crafted Excel files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions prior to the fixed version Office 2004 and 2008 for Mac (affected versions not specified) Open XML File Format Converter for Mac (affected versions not specified) **Description** A remote code execution issue exists due to improper validation of record information in Microsoft Excel, allowing attackers to execute arbitrary code via a crafted Excel document. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Excel, update to a version that includes the fix for this issue. For Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Word versions 2002 SP3 Office 2004 for Mac **Description** A remote code execution issue exists in the way Microsoft Word handles return values when parsing a specially crafted Word file. This could allow an attacker to execute arbitrary code via a crafted document that triggers memory corruption. An attacker who successfully exploits this issue could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than users who operate with administrative user rights. **Recommendations** For Microsoft Word 2002 SP3, update to a version that properly handles return values during parsing of a Word document to prevent memory corruption. For Office 2004 for Mac, update to a version that correctly handles return values when parsing a specially crafted Word file to mitigate the risk of remote code execution.

**Name of the Vulnerable Software and Affected Versions** Microsoft Word versions 2002 SP3 Office 2004 for Mac **Description** A remote code execution issue exists due to improper handling of an uninitialized pointer during the parsing of a Word document. This allows attackers to execute arbitrary code via a crafted document, triggering memory corruption. An attacker who successfully exploits this issue could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. The impact may be less severe for users with limited user rights compared to those operating with administrative rights. **Recommendations** For Microsoft Word 2002 SP3, update to a version that properly handles pointer initialization during document parsing to prevent memory corruption. For Office 2004 for Mac, apply the necessary patch or update to ensure secure handling of Word documents and prevent remote code execution.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 4.1.3 Apple Safari versions 5.0.x prior to 5.0.3 Google Chrome versions prior to 6.0.472.53 webkitgtk versions prior to 1.2.6 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in an application crash, via vectors involving element focus. This is due to a use-after-free vulnerability in WebKit. **Recommendations** For Apple Safari versions prior to 4.1.3, update to version 4.1.3 or later. For Apple Safari versions 5.0.x prior to 5.0.3, update to version 5.0.3 or later. For Google Chrome versions prior to 6.0.472.53, update to version 6.0.472.53 or later. For webkitgtk versions prior to 1.2.6, update to version 1.2.6 or later.