PT-2008-4448 · Microsoft · Office Converter Pack+3
Published 2008-08-12 · Updated 2018-10-12 · CVE-2008-3019
CVSS v2.0: 9.3 (High)
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Microsoft Office versions 2000 SP3, XP SP3, and 2003 SP2
Office Converter Pack
Works version 8
Description
A remote code execution vulnerability exists because Microsoft Office filters improperly parse the length of an Encapsulated PostScript (EPS) file. An attacker could exploit it with a specially crafted EPS file that executes arbitrary code when a user opens it with a Microsoft Office application. The file might be delivered as an e-mail attachment or hosted on a malicious Web site. Successful exploitation could give an attacker complete control of an affected system, but significant user interaction is required.
Recommendations
For Microsoft Office versions 2000 SP3, XP SP3, and 2003 SP2, update to a version that properly handles EPS files to prevent remote code execution.
For Office Converter Pack, ensure that the pack is updated to handle EPS files securely.
For Works version 8, consider disabling the handling of EPS files until a secure update is available.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Office
Office Converter Pack
Office Project
Works