PT-2011-2785 · Microsoft · Office 2007+6

Published: 2011-02-07 · Updated: 2018-10-12 · CVE-2011-0977

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Office XP version SP3
Microsoft Office 2003 version SP3
Microsoft Office 2007 version SP2
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Open XML File Format Converter for Mac

Description

A remote code execution issue exists in the way Microsoft Office handles graphic objects when parsing a specially crafted Office file. This allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format. An attacker who successfully exploits this issue could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than users operating with administrative user rights.

Recommendations

For Microsoft Office XP SP3, update to a newer version to mitigate the risk.
For Microsoft Office 2003 SP3, update to a newer version to mitigate the risk.
For Microsoft Office 2007 SP2, update to a newer version to mitigate the risk.
For Microsoft Office 2004 for Mac, update to a newer version to mitigate the risk.
For Microsoft Office 2008 for Mac, update to a newer version to mitigate the risk.
For Open XML File Format Converter for Mac, update to a newer version to mitigate the risk.

As a temporary workaround, consider restricting the use of graphic objects in Office files until a patch is available.

Fix

RCE


Weakness Enumeration

Related identifiers

CVE-2011-0977
ZDI-11-043

Affected products

Office 2003
Office 2004 for Mac
Office 2007
Office 2008 for Mac
Office XP
Office
Open XML File Format Converter for Mac