Microsoft Office Grammar Checker Client-Side Code Execution Vulnerability (MS07-001)

A vulnerability has been identified in Microsoft Office, which could be exploited by attackers to take complete control of an affected system. This issue is due to a memory corruption error in the Brazilian Portuguese Grammar Checker that does not perform sufficient data validation when opening a document and parses the text, which could be exploited by attackers to execute arbitrary commands by tricking a user into opening a specially crafted file.

Affected Products

Microsoft Office 2003 Service Pack 2 (Brazilian Portuguese Version)
Microsoft Word 2003
Microsoft Excel 2003
Microsoft Outlook 2003
Microsoft Access 2003
Microsoft OneNote 2003
Microsoft PowerPoint 2003
Microsoft Publisher 2003
Microsoft Access 2003
Microsoft InfoPath 2003
Microsoft FrontPage 2003
Microsoft Visio 2003
Microsoft Visio Enterprise Architects 2003
Microsoft Office Multilingual User Interface 2003 Service Pack 2
Microsoft Project Multilingual User Interface 2003 Service Pack 2
Microsoft Visio Multilingual User Interface 2003 Service Pack 2
Microsoft Office Proofing Tools 2003 Service Pack 2

Solution

Security update for Microsoft Office 2003 Service Pack 2 (Brazilian Portuguese Version) :
http://www.microsoft.com/downloads/details.aspx?familyid=B828BA91-A993-41EC-839C-8995CCFAEC6B

Security update for Microsoft Office Multilingual User Interface 2003 Service Pack 2 :
http://www.microsoft.com/downloads/details.aspx?familyid=C860DE66-DB1A-489D-8518-42CE468F5965

Security update for Microsoft Project Multilingual User Interface 2003 Service Pack 2 :
http://www.microsoft.com/downloads/details.aspx?familyid=8F233E5D-1270-4041-9CDD-C3541B7F4B40

Security update for Microsoft Visio Multilingual User Interface 2003 Service Pack 2 :
http://www.microsoft.com/downloads/details.aspx?familyid=C5A29C81-419C-440B-BF0B-FEC0C0708430

Security update for Microsoft Office Proofing Tools 2003 Service Pack 2 :
http://www.microsoft.com/downloads/details.aspx?familyid=51E9C97A-C35F-45AD-A587-8F08F1D34B7B