CVE-2007-1214

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac

Description A remote code execution issue exists in the way Excel handles specially crafted filter records in Excel files. This could allow an attacker to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption. Such a file might be included in an e-mail attachment or hosted on a malicious Web site, and an attacker could exploit the vulnerability by constructing a specially crafted Excel file.

Recommendations For Microsoft Excel 2000 SP3, consider applying a patch or update to fix the issue. For Microsoft Excel 2002 SP3, consider applying a patch or update to fix the issue. For Microsoft Excel 2003 SP2, consider applying a patch or update to fix the issue. For Microsoft Excel 2003 Viewer, consider applying a patch or update to fix the issue. For Microsoft Excel 2004 for Mac, consider applying a patch or update to fix the issue. As a temporary workaround, consider avoiding the use of specially crafted filter records in Excel files until a patch is available.