CVE-2010-3220

Name of the Vulnerable Software and Affected Versions Microsoft Word versions 2002 SP3 Microsoft Office versions 2004 for Mac

Description The issue allows remote attackers to execute arbitrary code via a crafted Word document, triggering memory corruption. A remote code execution vulnerability exists in the way that Microsoft Word parses a specially crafted Word file. An attacker who successfully exploited this issue could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Recommendations For Microsoft Word version 2002 SP3, update to a version that is not affected by this issue. For Microsoft Office version 2004 for Mac, update to a version that is not affected by this issue. As a temporary workaround, consider avoiding the use of crafted Word documents that could trigger memory corruption until a patch is available.