CVE-2007-1238

Vulnerability

Microsoft Office 2003 is susceptible to a denial of service condition when a user attempts to insert a malformed Windows Metafile (WMF) image. The vulnerability arises during the processing of a corrupted WMF file, which triggers an error that crashes the application. This issue affects Microsoft Office 2003 (all editions). No specific version numbers are provided in the available sources.

Exploitation

The attack requires user interaction: an attacker must convince a victim to open a document or email containing a reference to a specially crafted corrupted WMF file and then attempt to insert that file into an Office 2003 application. The attacker does not need any prior authentication or network access to the victim's machine; the vector is primarily through phishing or social engineering.

Impact

Successful exploitation causes Microsoft Office 2003 to crash, resulting in a denial of service. The crash does not appear to allow code execution or privilege escalation, only application termination. The user may lose unsaved work.

Mitigation

As of the publication date (March 2007), no official patch or workaround has been disclosed from Microsoft in the available references. Users should exercise caution when opening WMF files from untrusted sources and consider using alternative office suites or security tools that can filter malformed image files.