CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS07-025 | Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873) | Microsoft Office | Critical | 09-05-2007 |
Technical Information
Brief overview of the risk:
A remote code execution vulnerability exists in the way Microsoft Office handles a specially crafted drawing object. An attacker could exploit this vulnerability when Office parses a file and processes a malformed drawing object. Such a specially crafted file might be included as an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the vulnerability by constructing a specially crafted Office file containing a malformed drawing object that could allow remote code execution.
Detailed Information on the risk:
Microsoft Office documents that contain malformed embedded “drawing objects” can cause a crash which may be exploited to gain code execution. Office documents could be delivered to users via email or over the web. Malformed office documents are an increasingly popular vector for malware distributors.Further information on this exploit is available at : MS07-025
Affected Software
Microsoft Office 2000 Service Pack 3Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 2
2007 Microsoft Office System
Microsoft Office 2004 for Mac