CVE-2007-0209

Name of the Vulnerable Software and Affected Versions Microsoft Word versions in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac

Description A remote code execution issue exists in Microsoft Word, where an attacker could exploit this by constructing a specially crafted Word file with a malformed drawing object. This could lead to memory corruption and allow remote code execution when Word parses the file. Such a file might be included as an e-mail attachment or hosted on a malicious Web site.

Recommendations For Microsoft Word in Office 2000 SP3, update to a version that includes the fix for this issue. For Microsoft Word in XP SP3, update to a version that includes the fix for this issue. For Microsoft Word in Office 2003 SP2, update to a version that includes the fix for this issue. For Microsoft Word in Works Suite 2004 to 2006, update to a version that includes the fix for this issue. For Microsoft Word in Office 2004 for Mac, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of Word files from untrusted sources until a patch is available.