MVP Jubo Security Blog : Microsoft Office

Possible vulnerability in Microsoft Office Word 2002 Service Pack 3

jubo — Wed, 09 Jul 2008 08:48:03 GMT

Microsoft released an advisory for a Office Word 2002 SP3 vulnerability.

Investigation indicates that customers who use all other supported versions of Microsoft Office Word, Microsoft Office Word Viewer, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, and Microsoft Office for Mac are not affected.

At this time, Microsoft is aware of limited, targeted attacks that attempt to use this vulnerability. While Microsoft Office Word 2000 does not appear vulnerable to this issue, Word 2000 may unexpectedly exit when opening a specially crafted .doc file that the attacker is using in an attempt to exploit the vulnerability.

More information: Microsoft Security Advisory (953635) and MSRC Blog.

Microsoft Security Advisory (947563)

jubo — Mon, 21 Jan 2008 07:25:22 GMT

Vulnerability in Microsoft Excel Could Allow Remote Code Execution

Published: January 15, 2008 | Updated: January 16, 2008

Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000, and Microsoft Excel 2004 for Mac. At this time, Microsoft's initial investigation indicates that customers who are using Microsoft Office Excel 2007 or Microsoft Excel 2008 for Mac, or who have installed Microsoft Office Excel 2003 Service Pack 3 are not affected by this vulnerability.

See advisory at: TechNet

Check for the latest Office software at: Microsoft Office Update

Or: Microsoft Update