Microsoft Security Bulletin MS05-005
Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352)

Issued: February 8, 2005
Version: 1.0
Summary

Who should read this document: Customers who use Microsoft Office XP, Microsoft Project 2002, Microsoft Visio 2002 or Microsoft Works Suite.

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should install the update immediately.

Security Update Replacement: This bulletin replaces a prior security update. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

Caveats: None

Tested Software and Security Update Download Locations:

Affected Software:
?Microsoft Office XP Software Service Pack 3 ? Download the update (KB873352)
?Microsoft Office XP Software Service Pack 2 - Download the administrative update (KB873352)

Microsoft Office XP Software:
?Word 2002
?PowerPoint 2002
?Microsoft Project 2002 ? Download the update (KBKB873355)
?Microsoft Visio 2002 ? Download the update (KB873354)
?Microsoft Works Suite 2002 - Download the update (KB873352) (same as the Microsoft Office XP link)
?Microsoft Works Suite 2003 - Download the update (KB873352) (same as the Microsoft Office XP link)
?Microsoft Works Suite 2004 - Download the update (KB873352) (same as the Microsoft Office XP link)

Note Office XP Service Pack 2 and Office XP Service Pack 3 are both vulnerable to this issue. However the security update for Office XP Service Pack 2 is only provided as part of the Office XP administrative security update. For more information, see the Security Update Information section.

Non-Affected Software:
?Microsoft Office 2000
?Microsoft Office 2003

Executive Summary:

This update resolves a newly-discovered, privately reported vulnerability that could allow an attacker to run code on the affected system. The vulnerability is documented in the Vulnerability Details section of this bulletin.

http://www.microsoft.com/technet/security/...n/ms05-005.mspx