CVE-2008-4030

Name of the Vulnerable Software and Affected Versions Microsoft Office Word versions 2000 SP3 through 2007 SP1 Outlook version 2007 Gold and SP1 Word Viewer version 2003 Gold and SP3 Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats versions Gold and SP1

Description A remote code execution issue exists in the way Microsoft Office handles specially crafted Rich Text Format (RTF) files. This could allow remote code execution if a user opens a specially crafted RTF file in Word or reads or previews a specially crafted e-mail sent in the RTF format. An attacker who successfully exploits this issue could take control of an affected system in the context of the currently logged-in user, potentially installing programs, viewing, changing, or deleting data, or creating new accounts with full user rights.

Recommendations For Microsoft Office Word versions 2000 SP3 through 2007 SP1, update to a newer version to mitigate the risk. For Outlook version 2007 Gold and SP1, update to a newer version to mitigate the risk. For Word Viewer version 2003 Gold and SP3, update to a newer version to mitigate the risk. For Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats versions Gold and SP1, update to a newer version to mitigate the risk. As a temporary workaround, consider avoiding the use of RTF files in Word or restricting the reading and previewing of specially crafted e-mails sent in the RTF format until a patch is available.