Microsoft Office is a package which provides word processing, spreadsheet, presentation, e-mail, and calendaring capabilities for Microsoft Windows workstations.
An error in Microsoft Office 2003 SP3 for Windows when processing
**PNG** files can be exploited to cause a buffer overflow via a specially crafted file. A remote attacker who persuades the user to open the crafted
**DOC** file could execute arbitrary code in the context of the user running Microsoft Office.
Apply the patch referenced in Microsoft Security Bulletin 13-051.
This exploit has been tested against Microsoft Office 2003 SP3 on Windows XP SP3 English (DEP OptIn).
The user must save both the
**PNG** files in the same folder, open the
**DOC** file in the vulnerable Microsoft Office application, and press Alt+F9 to trigger the vulnerability.