CVE-2011-0098

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2002 SP3, 2003 SP3, 2007 SP2, and 2010 Office 2004 and 2008 for Mac Open XML File Format Converter for Mac Excel Viewer SP2 Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2

Description A remote code execution issue exists in the way Microsoft Excel handles specially crafted Excel files, potentially allowing an attacker to execute arbitrary code via an XLS file with a large record size. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010, update to a version that is not affected by this issue. For Office 2004 and 2008 for Mac, update to a version that is not affected by this issue. For Open XML File Format Converter for Mac, update to a version that is not affected by this issue. For Excel Viewer SP2, update to a version that is not affected by this issue. For Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2, update to a version that is not affected by this issue. As a temporary workaround, consider avoiding the use of XLS files from untrusted sources until a patch is available.