CVE-2009-3128

Name of the Vulnerable Software and Affected Versions: Microsoft Office Excel versions 2002 SP3 through 2003 SP3 Office Excel Viewer version 2003 SP3

Description: A remote code execution issue exists due to improper parsing of the Excel file format, allowing attackers to execute arbitrary code via a spreadsheet with a malformed record object. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations: For Microsoft Office Excel versions 2002 SP3 through 2003 SP3, update to a newer version to mitigate the risk. For Office Excel Viewer version 2003 SP3, update to a newer version to mitigate the risk. As a temporary workaround, consider avoiding the use of specially crafted Excel files that include a malformed record object until a patch is available.