MS anti-Trojan shield fails to protect older Offices
Microsoft's attempts to protect against the growing range of attacks targeting unpatched flaws in its Office application suite are only likely to be partially effective, according to security experts.
The tool, Microsoft Office Isolated Conversion Environment (MOICE), is designed to protect against malformed Office 2003 documents that attempt to exploit 0-day vulnerabilities. The technology works by converting Office 2003 binary format files to Open XML format using Microsoft Office 2007 system converters. Microsoft claims three possible failsafe outcomes: successful conversion, failure to covert, or the converter (though not the underlying OS) crashes.
Clearswift ThreatLab manager Pete Simpson said the technology is to screen out malware from legacy Office document formats, a problem that arises in the first place from "lax sanity checking of field bounds and pointers" that leads to buffer overflow flaws and the like.
http://www.theregister.com/2007/06/06/ms_anti-trojan_defence/