CVE-2008-4031

Name of the Vulnerable Software and Affected Versions Microsoft Office Word versions 2000 SP3 through 2007 SP1 Outlook 2007 versions Gold through SP1 Word Viewer 2003 versions Gold through SP3 Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats versions Gold through SP1 Office 2004 and 2008 for Mac Open XML File Format Converter for Mac

Description A remote code execution issue exists in the way Microsoft Office handles specially crafted Rich Text Format (RTF) files. This could allow remote code execution if a user opens a specially crafted RTF file in Word, or reads or previews a specially crafted e-mail sent in the RTF format. An attacker who successfully exploits this issue could take control of an affected system in the context of the currently logged-on user, potentially installing programs, viewing, changing, or deleting data, or creating new accounts with full user rights.

Recommendations For Microsoft Office Word 2000 SP3, update to a newer version to mitigate the risk. For Microsoft Office Word 2002 SP3, update to a newer version to mitigate the risk. For Microsoft Office Word 2003 SP3, update to a newer version to mitigate the risk. For Microsoft Office Word 2007 Gold and SP1, update to a newer version to mitigate the risk. For Outlook 2007 Gold and SP1, update to a newer version to mitigate the risk. For Word Viewer 2003 Gold and SP3, update to a newer version to mitigate the risk. For Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1, update to a newer version to mitigate the risk. For Office 2004 and 2008 for Mac, update to a newer version to mitigate the risk. For Open XML File Format Converter for Mac, update to a newer version to mitigate the risk.