CVE Number: MS07-015
Vulnerability: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554)
Product: Microsoft Office
Severity: Critical
Date: 14-02-2007

Technical Information

Brief overview of the risk:
When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Detailed Information on the risk:
This bulletin covers remote code execution vulnerabilities in PowerPoint and Excel. The Excel vulnerability is currently being exploited in the wild with the Mdropper Trojan, which has been associated with a large number of compound document attacks in recent months. The problem stems from pointer arithmetic that can be manipulated by a malformed spreadsheet. The PowerPoint vulnerability is caused by a heap overflow. Further information on this exploit is available at: MS07-015

Affected Software

Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 2
Microsoft Project 2000 Service Release 1
Microsoft Project 2002 Service Pack 1
Microsoft Visio 2002 Service Pack 2
Microsoft Office 2004 for Mac