| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS14-083 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347) | Microsoft Excel | Important | 10-12-2014 |
Technical Information
Brief overview of the risk:
This security update resolves two privately reported vulnerabilities in Microsoft Excel. The vulnerabilities could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Excel file in an affected version of Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.
Detailed Information on the risk:
A remote code execution vulnerability exists in how Microsoft Excel improperly handles objects in memory while parsing specially crafted Office files. System memory may be corrupted in such a way that an attacker could execute arbitrary code. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.
Further information on this exploit is available at : MS14-083
Microsoft Excel 2010
Microsoft Excel 2013 and Microsoft Excel 2013 RT
Microsoft Office Compatibility Pack Service Pack 3
Affected Software
Microsoft Excel 2007Microsoft Excel 2010
Microsoft Excel 2013 and Microsoft Excel 2013 RT
Microsoft Office Compatibility Pack Service Pack 3