PT-2008-4450 · Microsoft · Office Converter Pack+3
Published: 2008-08-12 · Updated: 2018-10-12 · CVE-2008-3021
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Microsoft Office versions 2000 SP3, XP SP3, and 2003 SP2
Office Converter Pack (affected versions not specified)
Works version 8
Description
A remote code execution issue exists in the way Microsoft Office handles PICT-format image files. This could be exploited when a Microsoft Office application opens a specially crafted PICT-format image file, potentially included as an e-mail attachment or hosted on a malicious Web site. An attacker who successfully exploits this issue could take complete control of an affected system, but significant user interaction is required.
Recommendations
For Microsoft Office versions 2000 SP3, XP SP3, and 2003 SP2, update to a version that properly parses the length of a PICT file to prevent remote code execution.
For Office Converter Pack, ensure that any PICT files are thoroughly validated before processing to minimize the risk of exploitation.
For Works version 8, avoid opening specially crafted PICT-format image files until a fix is available.
Fix
RCE
Weakness Enumeration
Related identifiers
Affected products
Office
Office Converter Pack
Office Project
Works