CVE-2008-0116

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2000 SP3 through 2003 SP2 Microsoft Excel Viewer 2003 Microsoft Office Compatibility Pack Microsoft Office 2004 for Mac Microsoft Office 2008 for Mac

Description A remote code execution issue exists due to the handling of rich text values when loading application data into memory. An attacker could exploit this by sending a malformed file, which could be hosted on a specially crafted or compromised web site, or included as an email attachment.

Recommendations For Microsoft Excel versions 2000 SP3 through 2003 SP2, consider avoiding the use of rich text values until a patch is available. For Microsoft Excel Viewer 2003, restrict access to malformed files to minimize the risk of exploitation. For Microsoft Office Compatibility Pack, avoid using the pack to open potentially malicious files until the issue is resolved. For Microsoft Office 2004 and 2008 for Mac, refrain from opening attachments or files from untrusted sources that could contain malformed rich text values.