An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user.” In addition, there is a “vulnerability that could allow remote code execution if a user opens a specially crafted Word file. The Microsoft Office 2008 for Mac 12.2.3 Update and Microsoft Office 2004 for Mac 11.5.6 Update fix “vulnerabilities in Office … that an attacker can use to overwrite the contents of your computer’s memory with malicious code.” More specifically, “The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file.
Microsoft has issued updates for the two versions of Office that it supports for Mac OS X, both of which contain both general fixes and security patches. Security & Privacy Microsoft Releases Updates for Office 20