CVE-2008-3460

Name of the Vulnerable Software and Affected Versions Microsoft Office 2000 SP3 Microsoft Office XP SP3 Microsoft Office 2003 SP2 Office Converter Pack Works 8

Description A remote code execution issue exists in the way Microsoft Office handles WordPerfect Graphics (WPG) format image files. This could be exploited when Microsoft Office opens a specially crafted WPG-format image file or a WordPerfect document file with a malformed WPG image embedded. Such files might be included as e-mail attachments or hosted on malicious Web sites. An attacker who successfully exploits this issue could take complete control of an affected system, but significant user interaction is required.

Recommendations For Microsoft Office 2000 SP3, update to a version that includes the fix for this issue. For Microsoft Office XP SP3, update to a version that includes the fix for this issue. For Microsoft Office 2003 SP2, update to a version that includes the fix for this issue. For Office Converter Pack, update to a version that includes the fix for this issue. For Works 8, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of WPG files in Microsoft Office until a patch is available.