CVE-2008-3018

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2000 SP3, XP SP3, and 2003 SP2 Office Converter Pack Works version 8

Description A remote code execution issue exists in the way Microsoft Office handles PICT-format image files. This could be exploited when a Microsoft Office application opens a specially crafted PICT-format image file, potentially included as an e-mail attachment or hosted on a malicious Web site. An attacker who successfully exploits this issue could take complete control of an affected system, although significant user interaction is required.

Recommendations For Microsoft Office versions 2000 SP3, XP SP3, and 2003 SP2, consider avoiding the use of PICT-format image files until a patch is available. For Office Converter Pack, restrict the handling of PICT-format image files to minimize the risk of exploitation. For Works version 8, avoid opening specially crafted PICT-format image files until the issue is resolved. As a temporary workaround, consider disabling the handling of PICT-format image files in Microsoft Office applications until a patch is available.