CVE-2012-0167

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2003 SP3 through 2007 SP3

Description A remote code execution issue exists in the Office GDI+ library, allowing attackers to execute arbitrary code via a crafted EMF image in an Office document. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights.

Recommendations For Microsoft Office 2003 SP3, update to a version that includes the fix for this issue. For Microsoft Office 2007 SP2 and SP3, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of EMF images in Office documents until a patch is available.