CVE-2011-0107

Name of the Vulnerable Software and Affected Versions Microsoft Office versions XP SP3, 2003 SP3, 2007 SP2

Description The issue allows local users to gain privileges via a Trojan horse DLL in the current working directory. A remote code execution vulnerability exists in the way that Microsoft Office handles the loading of DLL files, which could allow an attacker to take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Office XP SP3, update to a version that fixes the insecure library loading issue. For Microsoft Office 2003 SP3, update to a version that fixes the insecure library loading issue. For Microsoft Office 2007 SP2, update to a version that fixes the insecure library loading issue. As a temporary workaround, consider restricting the loading of DLL files from untrusted directories to minimize the risk of exploitation.