What is the scope of the vulnerability in Word?
This vulnerability could enable an attacker to create a document that, when opened in Word, runs a macro without asking for the user’s permission. Macros can take any action that the user is capable of taking. As a result, this vulnerability could give an attacker the opportunity to take actions such as changing data, communicating with Web sites, reformatting the hard disk, or changing the Word security settings. The vulnerability only affects Word, and only when Rich Text Format (RTF) documents are opened. Other Microsoft Office programs are not affected. The vulnerability does not exist when opening Word documents.