CVE-2006-5994

Name of the Vulnerable Software and Affected Versions Microsoft Word versions 2000 through 2002 Microsoft Office Word and Word Viewer 2003 Microsoft Word 2004 and 2004 v. X for Mac Microsoft Works versions 2004 through 2006

Description The issue allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption. A remote code execution vulnerability exists in the way Microsoft Word handles Word files with a specially crafted string. Such a specially crafted file might be included as an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the issue by constructing a specially crafted Word file that could allow remote code execution.

Recommendations For Microsoft Word versions 2000 through 2002, update to a newer version to mitigate the risk. For Microsoft Office Word and Word Viewer 2003, update to a newer version to mitigate the risk. For Microsoft Word 2004 and 2004 v. X for Mac, update to a newer version to mitigate the risk. For Microsoft Works versions 2004 through 2006, update to a newer version to mitigate the risk. As a temporary workaround, consider avoiding the use of Word files from untrusted sources until a patch is available.