Microsoft’s March 2008 security bulletin includes four patches addressing remote execution vulnerabilities in Office applications. All four updates are labeled “critical” and affect Office 2000, 2002, 2003, and 2007.
According to Microsoft an Excel security issue exists in Excel 2000, 2002, 2003, 2007 as well as MacOffice 2004 and 2008, which, if exploited, could allow an attacker to take full control of client PC. A second vulnerability in Outlook 2000, 2002 and 2003 enables an attacker to install programs as well as view, change, or delete data or create new accounts with full user rights, if the mail application is hit with “a specially crafted mailto URI”.
Patches three and four resolve “privately reported” vulnerabilities in Microsoft Office that could allow remote code execution, if a user opens a malformed Office file or if a user views “a specially crafted Web page.” Both vulnerabilities would enable an attacker to install programs as well as view, change, or delete data or create new accounts with full user rights.
Details about the March patches as well as downloads of these updates are available on Microsoft’s Technet site.