CVE-2008-4028

Name of the Vulnerable Software and Affected Versions Microsoft Office Word versions 2000 SP3 through 2007 SP1 Microsoft Outlook version 2007 Gold and SP1 Microsoft Word Viewer version 2003 Gold and SP3 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats versions Gold and SP1 Microsoft Office versions 2004 and 2008 for Mac Microsoft Open XML File Format Converter for Mac (affected versions not specified)

Description A remote code execution issue exists in the way Microsoft Office handles specially crafted Rich Text Format (RTF) files. This could allow remote code execution if a user opens a specially crafted RTF file in Word, or reads or previews a specially crafted e-mail sent in the RTF format. An attacker who successfully exploits this issue could take control of an affected system in the context of the currently logged-in user, potentially installing programs, viewing, changing, or deleting data, or creating new accounts with full user rights.

Recommendations For Microsoft Office Word versions 2000 SP3 through 2007 SP1, update to a newer version that includes the fix for this issue. For Microsoft Outlook version 2007 Gold and SP1, update to a newer version that includes the fix for this issue. For Microsoft Word Viewer version 2003 Gold and SP3, update to a newer version that includes the fix for this issue. For Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats versions Gold and SP1, update to a newer version that includes the fix for this issue. For Microsoft Office versions 2004 and 2008 for Mac, update to a newer version that includes the fix for this issue. For Microsoft Open XML File Format Converter for Mac, at the moment, there is no information about a newer version that contains a fix for this issue.