CVE-2006-1318

Name of the Vulnerable Software and Affected Versions Microsoft Office 2003 versions SP1 through SP2 Microsoft Office XP version SP3 Microsoft Office 2000 version SP3 Microsoft Office 2004 for Mac (affected versions not specified) Microsoft Office X for Mac (affected versions not specified)

Description The issue arises from improper parsing of record lengths in Microsoft Office, allowing remote attackers to execute arbitrary code via a malformed control in an Office document.

Recommendations For Microsoft Office 2003 versions SP1 through SP2, update to a version that properly handles record lengths to prevent arbitrary code execution. For Microsoft Office XP version SP3, apply a configuration change to correctly parse record lengths and prevent exploitation. For Microsoft Office 2000 version SP3, restrict the use of malformed controls in Office documents to minimize the risk of exploitation. For Microsoft Office 2004 for Mac and Microsoft Office X for Mac, at the moment, there is no information about a newer version that contains a fix for this vulnerability.