CVE-2006-1311

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions 2000 SP4, XP SP2, and 2003 SP1 Microsoft Office versions 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac Learning Essentials for Microsoft Office versions 1.0, 1.1, and 1.5

Description: A remote code execution issue exists in the RichEdit components provided with Microsoft Windows and Microsoft Office. This issue can be exploited when a user interacts with a malformed embedded OLE object within a Rich Text Format (RTF) file or a Rich Text e-mail message, which triggers memory corruption.

Recommendations: For Microsoft Windows versions 2000 SP4, XP SP2, and 2003 SP1, update to a newer version that contains a fix for this issue. For Microsoft Office versions 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac, update to a newer version that contains a fix for this issue. For Learning Essentials for Microsoft Office versions 1.0, 1.1, and 1.5, update to a newer version that contains a fix for this issue. As a temporary workaround, consider avoiding the use of RichEdit components when interacting with RTF files or Rich Text e-mail messages until a patch is available.