CVE-2009-3135

Name of the Vulnerable Software and Affected Versions: Microsoft Office Word versions 2002 SP3 and 2003 SP3 Office 2004 and 2008 for Mac Open XML File Format Converter for Mac Office Word Viewer 2003 SP3 Office Word Viewer

Description: A remote code execution issue exists in the way Microsoft Office Word handles specially crafted Word files with a malformed record or File Information Block (FIB) structure. This could allow an attacker to execute arbitrary code and take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. The impact may be less severe for users with fewer user rights on the system compared to those operating with administrative user rights.

Recommendations: For Microsoft Office Word 2002 SP3, update to a newer version to mitigate the risk. For Microsoft Office Word 2003 SP3, update to a newer version to mitigate the risk. For Office 2004 and 2008 for Mac, update to a newer version to mitigate the risk. For Open XML File Format Converter for Mac, update to a newer version to mitigate the risk. For Office Word Viewer 2003 SP3, update to a newer version to mitigate the risk. For Office Word Viewer, update to a newer version to mitigate the risk.