Microsoft Office fails to properly handle certain Word documents, which may allow a remote, unauthenticated attacker to execute arbitrary code.
Code in the MSO.dll component of Microsoft Office 2003, 2007, and 2010 fails to properly initialize an object pointer when loading binary (Word 97-2003 format) Word documents.
By convincing a user to open a specially crafted Office document, an attacker may be able to execute arbitrary code.
Apply an update
This issue is addressed in Microsoft Security Bulletin MS11-073.
Block Office 2003 and earlier documents from untrusted sources
This issue was reported by David Warren.
This document was written by David Warren.
|Date First Published:||2011-09-13|
|Date Last Updated:||2012-03-28 15:13 UTC|