CVE-2008-1091

Name of the Vulnerable Software and Affected Versions Microsoft Word in Office versions 2000 through 2007 Office System SP1

Description A remote code execution issue exists in the way Microsoft Office handles specially crafted Rich Text Format (.rtf) files. This could allow remote code execution if a user opens a specially crafted .rtf file with malformed strings in Word or previews a specially crafted .rtf file with malformed strings in rich text e-mail. An attacker who successfully exploits this issue could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Word in Office versions 2000 through 2007 Office System SP1, update to a version later than 2007 Office System SP1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.