CVE-2011-1980

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2003 SP3 through 2007 SP2

Description The issue allows local users to gain privileges via a Trojan horse DLL in the current working directory. A remote code execution vulnerability exists in the way that Microsoft Office handles the loading of DLL files, which could allow an attacker to take complete control of an affected system. This could enable the attacker to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights.

Recommendations For Microsoft Office 2003 SP3, update to a version that is not affected by this issue. For Microsoft Office 2007 SP2, update to a version that is not affected by this issue. As a temporary workaround, consider restricting the loading of DLL files from untrusted locations to minimize the risk of exploitation.