CVE-2008-0109

Name of the Vulnerable Software and Affected Versions Microsoft Word versions in Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003

Description A remote code execution issue exists in the way that Word handles specially crafted Word files. This could allow remote code execution if a user opens a specially crafted Word file that includes a malformed value. An attacker who successfully exploits this issue could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights. The issue is triggered by crafted fields within the File Information Block (FIB) of a Word file, which causes length calculation errors and memory corruption.

Recommendations For Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003, at the moment, there is no information about a newer version that contains a fix for this issue.