CVE-2007-1203

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007

Description The issue allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, resulting in memory corruption. A remote code execution vulnerability exists in the way Excel handles Excel files with specially crafted set font values. Such a file might be included in an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution.

Recommendations For Microsoft Excel 2000 SP3, update to a version that includes the fix for this issue. For Microsoft Excel 2002 SP3, update to a version that includes the fix for this issue. For Microsoft Excel 2003 SP2, update to a version that includes the fix for this issue. For Microsoft Excel 2003 Viewer, update to a version that includes the fix for this issue. For Microsoft Excel 2004 for Mac, update to a version that includes the fix for this issue. For Microsoft Excel 2007, update to a version that includes the fix for this issue.