Shih-Hao Weng

**Name of the Vulnerable Software and Affected Versions** Microsoft Word versions 2000 through 2003 Microsoft Word Viewer version 2003 **Description** The issue is related to a remote code execution vulnerability in the way Microsoft Word handles Word files with a specially crafted data structure. This could allow attackers to execute code via malformed data structures that trigger memory corruption. A specially crafted file might be included as an e-mail attachment or hosted on a malicious Web site, and an attacker could exploit the vulnerability by constructing such a file. **Recommendations** For Microsoft Word versions 2000 through 2003, update to a version that is not affected by this issue. For Microsoft Word Viewer version 2003, consider avoiding the use of this version until a patch or update is available that addresses the vulnerability. As a temporary workaround, consider restricting the opening of Word files from untrusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Word versions 2000 through 2002 Microsoft Office Word and Word Viewer 2003 Microsoft Word 2004 and 2004 v. X for Mac Microsoft Works versions 2004 through 2006 **Description** The issue allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption. A remote code execution vulnerability exists in the way Microsoft Word handles Word files with a specially crafted string. Such a specially crafted file might be included as an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the issue by constructing a specially crafted Word file that could allow remote code execution. **Recommendations** For Microsoft Word versions 2000 through 2002, update to a newer version to mitigate the risk. For Microsoft Office Word and Word Viewer 2003, update to a newer version to mitigate the risk. For Microsoft Word 2004 and 2004 v. X for Mac, update to a newer version to mitigate the risk. For Microsoft Works versions 2004 through 2006, update to a newer version to mitigate the risk. As a temporary workaround, consider avoiding the use of Word files from untrusted sources until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PowerPoint (affected versions not specified) **Description** A remote code execution issue exists and could be exploited when a file containing a malformed shape container is parsed. Such a file might be included in an e-mail attachment or hosted on a malicious web site. An attacker could exploit this by constructing a specially crafted PowerPoint file that could allow remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Word versions in Office 2000 SP3 through Office 2003 SP2 Microsoft Works Suites versions through 2006 **Description** A buffer overflow issue in Microsoft Word allows user-assisted attackers to execute arbitrary code via a malformed object pointer. This was originally reported for a zero-day attack. The issue enables remote code execution when a specially crafted Word file is used. **Recommendations** For Microsoft Word versions in Office 2000 SP3 through Office 2003 SP2, update to a version that includes the fix for this issue. For Microsoft Works Suites versions through 2006, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of Microsoft Word to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Color Management Module for Windows (affected versions not specified) **Description** A buffer overflow issue in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.