CVE-2007-1747

Name of the Vulnerable Software and Affected Versions: Microsoft Office 2000 SP3 Microsoft Office 2002 SP3 Microsoft Office 2003 SP2 Microsoft Office 2004 for Mac Microsoft Office 2007

Description: A remote code execution issue exists in the way Microsoft Office handles specially crafted drawing objects. This can be exploited when Office parses a file and processes a malformed drawing object, potentially allowing an attacker to execute arbitrary code. Such a specially crafted file might be included as an e-mail attachment or hosted on a malicious Web site. An attacker could exploit this by constructing a specially crafted Office file containing a malformed drawing object.

Recommendations: For Microsoft Office 2000 SP3, update to a version that includes the fix for this issue. For Microsoft Office 2002 SP3, update to a version that includes the fix for this issue. For Microsoft Office 2003 SP2, update to a version that includes the fix for this issue. For Microsoft Office 2004 for Mac, update to a version that includes the fix for this issue. For Microsoft Office 2007, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of files containing drawing objects from untrusted sources until a patch is available.