Microsoft Security Bulletin MS05-005
Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352)
Issued: February 8, 2005
Who should read this document: Customers who use Microsoft Office XP, Microsoft Project 2002, Microsoft Visio 2002 or Microsoft Works Suite.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should install the update immediately.
Security Update Replacement: This bulletin replaces a prior security update. See the frequently asked questions (FAQ) section of this bulletin for the complete list.
Tested Software and Security Update Download Locations:
?Microsoft Office XP Software Service Pack 3 ? Download the update (KB873352)
?Microsoft Office XP Software Service Pack 2 - Download the administrative update (KB873352)
Microsoft Office XP Software:
?Microsoft Project 2002 ? Download the update (KBKB873355)
?Microsoft Visio 2002 ? Download the update (KB873354)
?Microsoft Works Suite 2002 - Download the update (KB873352) (same as the Microsoft Office XP link)
?Microsoft Works Suite 2003 - Download the update (KB873352) (same as the Microsoft Office XP link)
?Microsoft Works Suite 2004 - Download the update (KB873352) (same as the Microsoft Office XP link)
Note Office XP Service Pack 2 and Office XP Service Pack 3 are both vulnerable to this issue. However the security update for Office XP Service Pack 2 is only provided as part of the Office XP administrative security update. For more information, see the Security Update Information section.
?Microsoft Office 2000
?Microsoft Office 2003
This update resolves a newly-discovered, privately reported vulnerability that could allow an attacker to run code on the affected system. The vulnerability is documented in the Vulnerability Details section of this bulletin.