CVE-2006-3868

Name of the Vulnerable Software and Affected Versions Microsoft Office versions XP through 2003

Description A remote code execution issue exists in Microsoft Office, allowing attackers to execute arbitrary code via a malformed Smart Tag when Office opens a specially crafted file. Such files might be included as e-mail attachments or hosted on malicious websites. An attacker could exploit this by constructing a specially crafted Office file, but viewing or previewing a malformed e-mail message in Outlook would not lead to exploitation.

Recommendations For Microsoft Office versions XP through 2003, consider avoiding the use of Smart Tags until a patch is available. As a temporary workaround, refrain from opening suspicious or specially crafted Office files from untrusted sources. Restrict access to malicious websites and be cautious with e-mail attachments to minimize the risk of exploitation.