Intrusion Prevention

MS.Office.Malformed.msofbtOPT.Code.Execution

Description

Microsoft Office has a remote code-execution vulnerability via an Office file with a crafted msofbtOPT Record. A remote attacker could execute arbitrary code on the system with privileges of the user.

Affected Products

Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 2
Microsoft Access 2000
Microsoft Excel 2000
Microsoft FrontPage 2000
Microsoft Outlook 2000
Microsoft PowerPoint 2000
Microsoft Publisher 2000
Microsoft Word 2000
Microsoft Access 2002
Microsoft Excel 2002
Microsoft FrontPage 2002
Microsoft Outlook 2002
Microsoft PowerPoint 2002
Microsoft Publisher 2002
Microsoft Visio 2002
Microsoft Word 2002
Microsoft Access 2003
Microsoft Excel 2003
Microsoft Excel 2003 Viewer
Microsoft FrontPage 2003
Microsoft InfoPath 2003
Microsoft OneNote 2003
Microsoft Outlook 2003
Microsoft PowerPoint 2003
Microsoft Project 2003
Microsoft Publisher 2003
Microsoft Visio 2003
Microsoft Word 2003
Microsoft Excel 2003 Viewer
Microsoft Word 2003 Viewer
Microsoft Project 2000 Service Release 1
Microsoft Project 2002 Service Pack 1
Microsoft Visio 2002 Service Pack 2
Microsoft Office 2004 for Mac

Impact

System compromise.

Recommended Actions

Apply the appropriate patch for your system.
http://www.microsoft.com/technet/security/bulletin/ms07-015.mspx

CVE References

CVE-2007-0671