TITLE: Microsoft Office Two Vulnerabilities SECUNIA ADVISORY ID: http://secunia.com/advisories/44015/ Criticality level: Highly critical Impact: System access Where: From remote Software: Microsoft Office 2003 Professional Edition Microsoft Office 2003 Small Business Edition Microsoft Office 2003 Standard Edition Microsoft Office 2003 Student and Teacher Edition Microsoft Office 2004 for Mac Microsoft Office 2007 Microsoft Office 2008 for Mac Microsoft Office XP Microsoft Open XML File Format Converter for Mac DESCRIPTION: Two vulnerabilities have been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system. 1) Office applications load certain libraries in an insecure manner, which can be exploited to load arbitrary libraries by tricking a user into e.g. opening a Word document located on a remote WebDAV or SMB share. 2) An error when handling dereferencing data structures during parsing of graphic objects in Office files can be exploited via e.g. a specially crafted Excel file. Successful exploitation of the vulnerabilities allows execution of arbitrary code. SOLUTION: Apply patches. ORIGINAL ADVISORY: MS11-023 (KB2509461, KB2509503, KB2509488, KB2505924, KB2505927, KB2505935): http://www.microsoft.com/technet/security/Bulletin/MS11-023.mspx ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-