CVE-2007-1756

Name of the Vulnerable Software and Affected Versions: Microsoft Excel versions 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2007

Description: The issue arises from improper validation of version information in Excel files, allowing remote attackers to execute arbitrary code via crafted Excel files. A remote code execution vulnerability exists in the way Excel handles malformed Excel files. An attacker could exploit this by sending a malformed file, which could be included as an e-mail attachment or hosted on a malicious Web site.

Recommendations: For Microsoft Excel 2000 SP3, update to a version that properly validates Excel file version information. For Microsoft Excel 2002 SP3, update to a version that properly validates Excel file version information. For Microsoft Excel 2003 SP2, update to a version that properly validates Excel file version information. For Microsoft Excel 2003 Viewer, update to a version that properly validates Excel file version information. For Microsoft Office Excel 2007, update to a version that properly validates Excel file version information.