Microsoft Windows Knowledge Base Article 951207 update not installed (WinMs08kb951207Update)

Vuln ID: 42101
Risk Level: High risk vulnerability
Platforms: Microsoft Word: 2002 SP3, Microsoft Office Compatibility Pack: 2007, Microsoft Word: 2007, Microsoft Outlook: 2007, Microsoft Word Viewer: 2003, Microsoft Office: 2008 Mac OS, Microsoft Word: 2003 SP2, Microsoft Word: 2000 SP3, Microsoft Office Compatibility Pack: 2007 SP1, Microsoft Outlook: 2007 SP1, Microsoft Office: 2004 Mac OS, Microsoft Word: 2003 SP3, Microsoft Word Viewer: 2003 SP3, Microsoft Word: 2007 SP1
Description:

Microsoft Windows Knowledge Base Article 951207 update is not installed on the system, which could allow a remote attacker to exploit the following vulnerabilities:

Microsoft Word could allow a remote attacker to execute arbitrary code on the system, caused by improper memory calculation when processing a malformed string in a specially-crafted Rich Text Format (.rtf) file. By persuading a victim to open a specially-crafted .rtf file, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system with the privileges of the victim.

Microsoft Word could allow a remote attacker to execute arbitrary code on the system, caused by improper memory calculation when processing a malformed CSS value in a specially-crafted Word file. By persuading a victim to open a specially-crafted Word file, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system with the privileges of the victim.

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS08-026. See References.

False Positives:
False Negatives:
Required Permission: Windows login
Additional Information:

References:

Microsoft Security Bulletin MS08-026
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)
http://www.microsoft.com/technet/security/bulletin/ms08-026.mspx

IBM Internet Security Systems X-Force Database
Microsoft Word .rtf string code execution
http://xforce.iss.net/xforce/xfdb/42099

IBM Internet Security Systems X-Force Database
Microsoft Word malformed CSS code execution
http://xforce.iss.net/xforce/xfdb/42100

ISS X-Force
Microsoft Windows Knowledge Base Article 951207 update not installed
http://www.iss.net/security_center/static/42101.php

CVE CVE-2008-1091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1091

CVE CVE-2008-1434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1434

