Technical Information

Brief overview of the risk:
A remote code execution vulnerability exists in the way Microsoft Office handles a specially crafted drawing object. An attacker could exploit this vulnerability when Office parses a file and processes a malformed drawing object. Such a specially crafted file might be included as an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the vulnerability by constructing a specially crafted Office file containing a malformed drawing object that could allow remote code execution.
Detailed Information on the risk:
Microsoft Office documents that contain malformed embedded “drawing objects” can cause a crash which may be exploited to gain code execution. Office documents could be delivered to users via email or over the web. Malformed office documents are an increasingly popular vector for malware distributors.Further information on this exploit is available at : MS07-025