Vulnerability Tutorial - Microsoft Office vulnerabilities
  Updated: 08/12/14     (YELLOW light)  
Impact
An attacker could run commands on a user's computer if the user opens a malformed document.
Background

Microsoft Office is a package which provides word processing, spreadsheet, presentation, e-mail, and calendaring capabilities for Microsoft Windows and Apple Macintosh / Mac OS workstations.

The WordPerfect 5.x Converter helps users convert WordPerfect 5.x documents into Microsoft Word format. It is enabled by default in all versions of Microsoft Office.

The Problem

As client applications, all vulnerabilities in Microsoft Office are caused when a maliciously-crafted document is accessed or when a legitimate document is accessed which refers to a crafted library.

Microsoft Office X for Mac detected

02/15/07
Microsoft Office X for Mac is no longer being updated.

Resolution

All users of Microsoft Office for Windows should install the patches referenced in Microsoft Security Bulletins 08-044, 08-055, 08-069, 09-073, 10-023, 10-056, 10-079, 10-104, 10-105, 11-023, 11-029, 11-036, 11-045, 12-029, 12-030, 12-034, 12-060, 12-066, 13-035, 13-074, 13-075, 13-106, 14-022, 14-024, and 14-036.

Users of Microsoft Office 2000 should install the patches referenced in Microsoft Security Bulletins 07-013, and 09-074.

Users of Microsoft Office 2002 should install the patches referenced in Microsoft Security Bulletins 07-013, 09-074, 10-045, and 10-103.

Users of Microsoft Office 2003 should install the patches referenced in Microsoft Security Bulletin 07-013, 09-074, and 10-045.

Users of Microsoft Office 2010 should install the patch referenced in Microsoft Security Bulletin 10-103.

Users of Microsoft Office Outlook 2007 should also install the patch referenced in Microsoft Security Bulletin 08-026.

Users of Visio 2002 and 2003 should upgrade to Visio 2007, and users of Visio 2007 should install the patches referenced in Microsoft Security Bulletin 09-005, 09-060 (supersedes 08-015), and 11-008 (supersedes 10-028).

Visio 2002 users should upgrade to Visio 2007 and Office XP and Project 2002 users should install the patch referenced in Microsoft Security Bulletin 05-005.

Microsoft Office X for Mac users should upgrade to Microsoft Office 2004.

Users of Microsoft Office 2004 for Macintosh should upgrade to version higher than 11.6.3.

Users of Microsoft Office 2008 for Macintosh should upgrade to version higher than 12.3.5.

More Information

For more information, see Microsoft Security Bulletins 04-027, 04-033, 05-005, 05-023, 05-035, 06-009, 06-010, 06-012, 06-027, 06-028, 06-037, 06-038, 06-039, 06-048, 06-054, 06-058, 06-059, 06-060, 06-061, 06-062, 07-001, 07-002, 07-013, 07-014, 07-015, 07-023, 07-024, 07-025, 07-030, 07-036, 07-037, 07-042, 07-043, 07-044, 07-060, 08-009, 08-012, 08-014, 08-016, 08-018, 08-019, 08-026, 08-027, 08-042, 08-043, 08-044, 08-051, 08-055, 08-057, 08-069, 08-072, 08-074, 09-005, 09-009, 09-010, 09-017, 09-021, 09-027, 09-030, 09-060, 09-067, 09-068, 09-073, 09-074, 10-004, 10-003, 10-017, 10-023, 10-028, 10-036, 10-038, 10-039, 10-044, 10-045, 10-056, 10-057, 10-064, 10-079, 10-087, 10-088, 10-103, 10-104, 10-105, 11-008, 11-016, 11-021, 11-022, 11-029, 11-036, 11-045, 11-055, 11-060, 11-072, 11-088, 11-096, 12-015, 12-027, 12-029, 12-034, 12-043, 12-051, 12-057, 12-060, 12-064, 12-066, 12-076, 13-025, 13-026, 13-035, 13-043, 13-051, 13-073, 13-074, 13-075, 13-085, 13-091, 13-106, 14-001, 14-020, 14-022, 14-024, and 14-048.