Microsoft Office XP Service Pack 2 and 3, Project 2002 Service Pack 1 and prior, Visio 2002 Service Pack 2 and prior, and Works Suite 2002, 2003 and 2004 contain a vulnerability that can allow a remote attacker to trigger a buffer overflow. The attacker could create a denial of service (DoS) condition or execute arbitrary code with the privileges of the user.
The vulnerability is due to how the software handles requests for URL file locations. The software fails to properly bounds-check URLs that are passed to the application. An attacker who can convince a user to click a crafted URL could crash the service or execute arbitrary code with the privileges of the user.
Patches are available.