PT-2006-2327 · Microsoft · Outlook+6

Published 2006-07-11 · Updated 2018-10-12 · CVE-2006-1316

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Office 2003 versions SP1 through SP2
Microsoft Office XP version SP3
Microsoft Office 2000 version SP3

Description

A remote code execution issue exists in Microsoft Office, allowing user-assisted attackers to execute arbitrary code via an Office file with a malformed string that triggers memory corruption related to record lengths. This can occur when a specially crafted Office file is parsed by any of the affected Office applications. The issue may be exploited through email attachments or files hosted on malicious websites. However, viewing or previewing a malformed email message in an affected version of Outlook does not lead to exploitation.

Recommendations

For Microsoft Office 2003 versions SP1 through SP2, Microsoft Office XP version SP3, and Microsoft Office 2000 version SP3, update to a version that includes a fix for this issue.

As a temporary workaround, consider avoiding the use of malformed strings in Office files until a patch is available. Restrict access to email attachments and files from untrusted sources to minimize the risk of exploitation.

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2006-1316

Affected Products

Office 2000
Office 2003
Office XP
Office
Office Project
Office Visio
Outlook