CVE-2006-2389

Name of the Vulnerable Software and Affected Versions Microsoft Office 2003 versions SP1 through SP2 Microsoft Office XP version SP3 Microsoft Office 2000 version SP3

Description A remote code execution issue exists in Office, allowing attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths. This can be exploited when a malformed property included in an Office file is parsed by any of the affected Office applications. Such a property might be included in an email attachment processed by one of the affected applications or hosted on a malicious web site. An attacker could exploit the issue by constructing a specially crafted Office file that could allow remote code execution.

Recommendations For Microsoft Office 2003 versions SP1 through SP2, update to a version that includes the fix for this issue. For Microsoft Office XP version SP3, update to a version that includes the fix for this issue. For Microsoft Office 2000 version SP3, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of Office files from untrusted sources until a patch is available.