CVE-2008-4026

Name of the Vulnerable Software and Affected Versions Microsoft Office Word versions 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1 Word Viewer 2003 Gold and SP3 Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 Office 2004 and 2008 for Mac Open XML File Format Converter for Mac

Description A remote code execution issue exists due to the way Word handles specially crafted Word files. This could allow remote code execution if a user opens a specially crafted Word file with a malformed value. The impact may be less severe for users with limited system privileges compared to those with administrative rights.

Recommendations For Microsoft Office Word 2000 SP3, update to a version that is not affected by this issue. For Microsoft Office Word 2002 SP3, update to a version that is not affected by this issue. For Microsoft Office Word 2003 SP3, update to a version that is not affected by this issue. For Microsoft Office Word 2007 Gold and SP1, update to a version that is not affected by this issue. For Word Viewer 2003 Gold and SP3, update to a version that is not affected by this issue. For Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1, update to a version that is not affected by this issue. For Office 2004 and 2008 for Mac, update to a version that is not affected by this issue. For Open XML File Format Converter for Mac, update to a version that is not affected by this issue. As a temporary workaround, consider avoiding the use of malformed Word files until a patch is available.