Two vulnerabilities have been identified in Microsoft Word, which could be exploited by attackers to take complete control of an affected system.
The first issue is due to a lack of validation of certain properties in modified documents, which could be exploited by attackers to cause a vulnerable application to execute macros present in a malicious document without prompting the user with a macro security warning.
The second vulnerability is due to a memory corruption error when handling a document containing a malformed drawing object, which could be exploited by attackers to execute arbitrary commands by tricking a user into opening a specially crafted Word document.
Note: The released security updates also include fixes for the zero-day vulnerabilities covered by FrSIRT/ADV-2006-4920, FrSIRT/ADV-2006-4866, FrSIRT/ADV-2006-4997 and FrSIRT/ADV-2007-0350.
Affected Products
Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 2
Microsoft Office 2004 for Mac
Microsoft Word 2000
Microsoft Word 2002
Microsoft Word 2003
Microsoft Word Viewer 2003
Microsoft Works Suite 2004
Microsoft Works Suite 2005
Microsoft Works Suite 2006