Two vulnerabilities have been identified in Microsoft Word, which could be exploited by attackers to take complete control of an affected system.
The first issue is due to a lack of validation of certain properties in modified documents, which could be exploited by attackers to cause a vulnerable application to not prompt the user with a macro security warning when executing macros present in a malicious document.
The second vulnerability is due to a memory corruption error when handling a document containing a malformed drawing object, which could be exploited by attackers to execute arbitrary commands by tricking a user into opening a specially crafted Word document.
Note : Released security updates also include fixes for the zero-day vulnerabilities covered by FrSIRT/ADV-2006-4920 - FrSIRT/ADV-2006-4866 - FrSIRT/ADV-2006-4997 - FrSIRT/ADV-2007-0350
Affected Products
Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 2
Microsoft Office 2004 for Mac
Microsoft Word 2000
Microsoft Word 2002
Microsoft Word 2003
Microsoft Word Viewer 2003
Microsoft Works Suite 2004
Microsoft Works Suite 2005
Microsoft Works Suite 2006
Solution
Apply patches :
http://www.microsoft.com/technet/security/bulletin/ms07-014.mspx
