• 2007 Microsoft Office System
• 2007 Microsoft Office System Service Pack 1
• Microsoft Office 2000 Service Pack 3
• Microsoft Office 2003 Service Pack 2
• Microsoft Office 2003 Service Pack 3
• Microsoft Office 2004 for Mac
• Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
• Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1
• Microsoft Office PowerPoint Viewer 2003
• Microsoft Office XP Service Pack 3

This security update resolves reported vulnerabilities in Microsoft Office PowerPoint and Microsoft Office PowerPoint Viewer that could allow remote code execution if a user opens a specially crafted PowerPoint file. A malicious user who successfully exploits any of these vulnerabilities could take complete control of an affected system, allowing one to install programs; view, change, or delete data; or create new accounts with full user rights. Users configured to have fewer administrative privileges could be less impacted than users who operate with full administrative user rights.

Patches for this vulnerability can be downloaded on this Microsoft Web page.

Microsoft recommends to not open or save Microsoft Office files received from untrusted sources or received unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted file. It is also advised to use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or un-trusted sources. Use of the said environment protects Office 2003 installations by more securely opening Word, Excel, and PowerPoint binary format files. Alternatively, use of the Microsoft Office File Block policy is suggested to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations.

More details regarding these workarounds may be found on this Microsoft Web page.