CVE-2008-4027

Name of the Vulnerable Software and Affected Versions Microsoft Office Word versions 2000 SP3 through 2007 SP1 Microsoft Office Outlook version 2007 Gold and SP1 Microsoft Office Word Viewer version 2003 Gold and SP3 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats versions Gold and SP1 Microsoft Office version 2004 for Mac

Description A remote code execution issue exists in the way Microsoft Office handles specially crafted Rich Text Format (RTF) files. This could allow remote code execution if a user opens a specially crafted RTF file with malformed control words in Word, or views or previews a specially crafted RTF file with malformed control words in rich text e-mail. An attacker who successfully exploits this issue could take control of an affected system in the context of the currently logged-on user, potentially installing programs, viewing, changing, or deleting data, or creating new accounts with full user rights. The issue is triggered by multiple consecutive Drawing Object (do) tags in an RTF file or rich text e-mail message, leading to a memory calculation error and memory corruption.

Recommendations For Microsoft Office Word versions 2000 SP3 through 2007 SP1, update to a version that is not affected by this issue. For Microsoft Office Outlook version 2007 Gold and SP1, update to a version that is not affected by this issue. For Microsoft Office Word Viewer version 2003 Gold and SP3, update to a version that is not affected by this issue. For Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats versions Gold and SP1, update to a version that is not affected by this issue. For Microsoft Office version 2004 for Mac, update to a version that is not affected by this issue.