CVE-2007-1202

Name of the Vulnerable Software and Affected Versions Microsoft Word versions in Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006

Description The issue is related to the improper parsing of certain rich text "property strings of certain control words" in Microsoft Word, which can lead to heap corruption and allow remote attackers to execute arbitrary code. This can be triggered by a specially crafted Word file, potentially included as an email attachment or hosted on a malicious website.

Recommendations For Microsoft Word in Office 2000 SP3, update to a version that includes the fix for this issue. For Microsoft Word in Office XP SP3, update to a version that includes the fix for this issue. For Microsoft Word in Office 2003 SP2, update to a version that includes the fix for this issue. For Microsoft Word 2004 for Mac, update to a version that includes the fix for this issue. For Microsoft Word in Works Suite 2004, 2005, and 2006, update to a version that includes the fix for this issue.