CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS08-043 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066) | Microsoft Office | Critical | 13-08-2008 |
Technical Information
Brief overview of the risk:
A vulnerability exists in the way Excel parses record values when loading Excel files into memory. Depending on the attack scenario, the vulnerability could lead to remote code execution on a user’s local Excel client, or it could lead to elevation of privilege within a SharePoint Server.
Detailed Information on the risk:
This security update resolves four privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.Further information on this exploit is available at : MS08-043
Affected Software
Microsoft Office 2000 Service Pack 3Microsoft Office 2003 Service Pack 2
Microsoft Office 2003 Service Pack 3
Microsoft Excel Viewer 2003
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
2007 Microsoft Office System
2007 Microsoft Office System Service Pack 1
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1
Microsoft Office Excel Viewer
Microsoft Office Excel Viewer 2003 Service Pack 3
Microsoft Office SharePoint Server 2007
Microsoft Office SharePoint Server 2007 Service Pack 1
Microsoft Office SharePoint Server 2007 x64 Edition
Microsoft Office SharePoint Server 2007 x64 Edition Service Pack 1
Microsoft Office XP Service Pack 3