CVE-2008-0112

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2000 SP3 Office for Mac versions 2004 and 2008

Description The issue allows remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file. This can occur when an attacker sends a malformed .slk file, which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment, and then imports it into Excel.

Recommendations For Microsoft Excel 2000 SP3, consider avoiding the import of .SLK files from untrusted sources until a fix is available. For Office for Mac 2004 and 2008, restrict the import of .SLK files to trusted sources to minimize the risk of exploitation.