CVE-2006-0033

Name of the Vulnerable Software and Affected Versions: Microsoft Office 2003 versions SP1 through SP2 Microsoft Office XP version SP3 Microsoft Office 2000 version SP3

Description: A remote code execution issue exists in Office, allowing attackers to execute arbitrary code when a crafted PNG image is parsed, potentially leading to memory corruption. This issue can be exploited when Office opens a malformed PNG file. If a user with administrative rights is logged on, a successful exploitation could grant an attacker complete control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system may be less affected than those operating with administrative user rights.

Recommendations: For Microsoft Office 2003 versions SP1 through SP2, update to a version that includes the fix for this issue. For Microsoft Office XP version SP3, update to a version that includes the fix for this issue. For Microsoft Office 2000 version SP3, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of PNG images in Office until a patch is available.