Reported February 8, 2005 by Microsoft
An unchecked buffer exists in the process that passes URL file locations to the affected software. The vulnerability could allow a remote intruder to execute code on an affected system.
Microsoft has released
Security Bulletin MS05-005, "Vulnerability
in Microsoft Office XP could allow Remote Code Execution (873352) ,"
and a patch to correct the problem. The bulletin also lists
workarounds that may be applicable in some situations.
Discovered by Rafel Ivgi from Finjan Software