CVE-2008-3004

Name of the Vulnerable Software and Affected Versions Microsoft Office Excel versions 2000 SP3, 2002 SP3, 2003 SP2, 2003 SP3 Office Excel Viewer version 2003 Office versions 2004, 2008 for Mac

Description A remote code execution issue exists due to improper validation of index values for AxesSet records when loading Excel files. This allows attackers to execute arbitrary code via a crafted Excel file. An attacker could exploit this by opening a specially crafted file, which could be hosted on a website or included as an email attachment.

Recommendations For Microsoft Office Excel 2000 SP3, update to a version that properly validates index values for AxesSet records. For Microsoft Office Excel 2002 SP3, update to a version that properly validates index values for AxesSet records. For Microsoft Office Excel 2003 SP2 and SP3, update to a version that properly validates index values for AxesSet records. For Office Excel Viewer 2003, update to a version that properly validates index values for AxesSet records. For Office 2004 and 2008 for Mac, update to a version that properly validates index values for AxesSet records.