Technical Information

Brief overview of the risk:
A remote code execution vulnerability exists in the way Excel handles files with malformed BIFF records. Such a file might be included in an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution. A remote code execution vulnerability exists in the way Excel handles Excel files with specially crafted set font values. Such a file might be included in an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution. A remote code execution vulnerability exists in the way Excel handles Excel files with specially crafted filter records. Such a file might be included in an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution.
Detailed Information on the risk:
The bulletin covers 3 remote code execution vulnerabilities in Microsoft Excel. Excel documents could be delivered to users via email or over the web. Malformed excel documents are an increasingly popular vector for malware distributors.Further information on this exploit is available at : MS07-023