A
vulnerability has been identified in Microsoft Windows and Office,
which could be exploited by attackers to take complete control of an
affected system. This issue is due to a memory corruption error in the
RichEdit components when parsing OLE objects embedded within RTF files,
which could be exploited by remote attackers to execute arbitrary
commands by convincing a user to interact with a malformed embedded OLE
object within a Rich Text Format (RTF) file.
Affected Products
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 (Itanium)
Microsoft Windows Server 2003 SP1 (Itanium)
Microsoft Windows Server 2003 x64 Edition
Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 2
Microsoft Access 2000
Microsoft Excel 2000
Microsoft FrontPage 2000
Microsoft Outlook 2000
Microsoft PowerPoint 2000
Microsoft Publisher 2000
Microsoft Word 2000
Microsoft Access 2002
Microsoft Excel 2002
Microsoft FrontPage 2002
Microsoft Outlook 2002
Microsoft PowerPoint 2002
Microsoft Publisher 2002
Microsoft Word 2002
Microsoft Access 2003
Microsoft Excel 2003
Microsoft FrontPage 2003
Microsoft InfoPath 2003
Microsoft OneNote 2003
Microsoft Outlook 2003
Microsoft PowerPoint 2003
Microsoft Project 2003
Microsoft Publisher 2003
Microsoft Visio 2003
Microsoft Word 2003
Microsoft Word 2003 Viewer
Microsoft Project 2000 Service Release 1
Microsoft Office 2000 Multilanguage Packs
Microsoft Project 2002 Service Pack 1
Microsoft Visio 2002 Service Pack 2
Microsoft Learning Essentials 1.0 for Microsoft Office
Microsoft Learning Essentials 1.1 for Microsoft Office
Microsoft Learning Essentials 1.5 for Microsoft Office
Microsoft Global Input Method Editor for Office 2000 (Japanese)
Microsoft Office 2004 for Mac
Solution
Apply patches :
http://www.microsoft.com/technet/security/bulletin/ms07-013.mspx
