PT-2008-5339 · Microsoft · Office Word+1

Ricardo Narvaja · Published 2008-12-10 · Updated 2018-10-30 · CVE-2008-4024

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Office Word versions 2000 SP3 and 2002 SP3
Microsoft Office 2004 for Mac

Description

A remote code execution issue exists in the way Word handles specially crafted Word files, potentially allowing arbitrary code execution if a user opens a malformed file. This could be triggered by a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), bypassing an initialization step and causing an "arbitrary free." Users with fewer user rights on the system may be less impacted than those operating with administrative rights.

Recommendations

For Microsoft Office Word 2000 SP3, update to a version that is not affected by this issue. For Microsoft Office Word 2002 SP3, apply the necessary patch or update to a secure version. For Microsoft Office 2004 for Mac, consider disabling the handling of specially crafted Word files until a patch is available.

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2008-4024

Affected Products

Office
Office Word