MS08-055: Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)

Understanding Patch Management
- Architecture
- Work-flow
Installation & Setup
- Scope of Management
- Windows
- Mac
- Linux
Settings
Patch Settings
Deployment
How To's
Knowledge Base
FAQ's
Patch Repository

MS08-055 Bulletin Details

Back to list

Bulletin ID

MS08-055

Title

Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)

Summary

This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user clicks a specially crafted OneNote URL. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update addresses the vulnerability by modifying the way that Microsoft Office validates uniform resource locators.

Knowledgebase

955047

List of Patches

S.No	Patch Name	Severity
1	office2003-SP3-KB953404-FullFile-ENU.exe	Important
2	office2003-KB953404-FullFile-ENU.exe	Important
3	office2007-kb951944-fullfile-x86-glb.exe	Important

Disclaimer: This webpage is intended to provide you information about patch announcement for certain specific software products. The information is provided "As Is" without warranty of any kind. The links provided point to pages on the vendors websites. You can get more information by clicking the links to visit the relevant pages on the vendors website.