CVE-2010-3215

Name of the Vulnerable Software and Affected Versions Microsoft Word versions 2002 SP3 Office 2004 for Mac

Description A remote code execution issue exists in the way Microsoft Word handles return values when parsing a specially crafted Word file. This could allow an attacker to execute arbitrary code via a crafted document that triggers memory corruption. An attacker who successfully exploits this issue could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Recommendations For Microsoft Word 2002 SP3, update to a version that properly handles return values during parsing of a Word document to prevent memory corruption. For Office 2004 for Mac, update to a version that correctly handles return values when parsing a specially crafted Word file to mitigate the risk of remote code execution.