CVE-2006-4534

Name of the Vulnerable Software and Affected Versions Microsoft Word versions 2000 through 2003 Microsoft Office version 2003

Description The issue allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file, resulting in a malformed stack. This could be exploited when Microsoft Word opens a specially crafted file, which might be included as an e-mail attachment or hosted on a malicious web site. Malware such as Trojan.Mdropper.Q, Mofei, and Femo have been known to exploit this issue.

Recommendations For Microsoft Word versions 2000 through 2003, update to a version that is not affected by this issue. For Microsoft Office version 2003, update to a version that is not affected by this issue. As a temporary workaround, consider avoiding the use of Microsoft Word to open files from untrusted sources until a patch is available. Restrict access to e-mail attachments and malicious web sites to minimize the risk of exploitation.