CVE-2009-1533

Name of the Vulnerable Software and Affected Versions: Microsoft Office versions 2000 SP3 through 2007 SP1 Works versions 8.5 through 9

Description: A buffer overflow issue exists in the Works for Windows document converters, allowing remote attackers to execute arbitrary code via a crafted Works .wps file. This could trigger memory corruption. The vulnerability could allow remote code execution if a user opens a specially crafted .wps file. Users with fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Recommendations: For Microsoft Office 2000 SP3, update to a version that includes the fix for this issue. For Microsoft Office XP SP3, update to a version that includes the fix for this issue. For Microsoft Office 2003 SP3, update to a version that includes the fix for this issue. For Microsoft Office 2007 SP1, update to a version that includes the fix for this issue. For Works 8.5 and 9, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of the Works for Windows document converters to minimize the risk of exploitation.