



Vulnerabilities in Microsoft Office Word

Report ID: SA201006496
Source: F-Secure
Date of Discovery: 10.08.2010
Criticality: Urgent
Affects:
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
2007 Microsoft Office System Service Pack 2
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Open XML File Format Converter for Mac
Microsoft Office Word Viewer
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
Microsoft Works 9

Compromise From: From remote
Compromise Type: System access
Remote code execution

Summary

Vulnerabilities in Microsoft Office Word can, if exploited, give an attacker the same user rights as the logged-on user, potentially allowing the attacker complete control of the system. The most severe vulnerability also permits remote code execution.

Detailed Description

Two of the vulnerabilities center on how Word handles rich text (RTF) data, which may be in a specially crafted RTF file or an e-mail message; if the user views or opens the file using Word, the vulnerability can be exploited and the attacker can gain the same user rights as the logged-on user. Users with fewer user rights may be less affected than those with full administrative rights.

Another vulnerability involves how Word handles specially crafted Word files; if successfully exploited, this vulnerability allows the attacker to take complete control of the system.

The malicious RTF or Word file may be sent to the target system as an e-mail attachment, but the user must manually open the file to trigger the vulnerability. Alternatively, the file may be hosted on a website, but the user must be induced to visit the site and view the file in order to be affected.

Solution

Apply security updates:

Microsoft Office XP Service Pack 3
Security Update for Microsoft Word 2002

Microsoft Office 2003 Service Pack 3
Security Update for Microsoft Office Word 2003

2007 Microsoft Office System Service Pack 2
Security Update for Microsoft Office Word 2007

Microsoft Office 2004 for Mac
Microsoft Office 2004 for Mac 11.6.0 Update

Microsoft Office 2008 for Mac
Microsoft Office 2008 for Mac 12.2.6 Update

Open XML File Format Converter for Mac
Open XML File Format Converter for Mac 1.1.6

Microsoft Office Word Viewer
Security Update for Microsoft Word Viewer 2003

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
Security Update for the 2007 Microsoft Office System

Microsoft Works 9
Security Update for Microsoft Works 9

Original Reference

http://www.microsoft.com/technet/security/Bulletin/MS10-056.mspx

CVE Reference

CVE-2010-1900
CVE-2010-1901
CVE-2010-1902
CVE-2010-1903