CVE-2011-0979

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2002 SP3, 2003 SP3, 2007 SP2, and 2010 Office for Mac versions 2004, 2008, and 2011 Open XML File Format Converter for Mac Excel Viewer version SP2

Description A remote code execution issue exists in the way Microsoft Excel handles specially crafted Excel files, allowing attackers to execute arbitrary code via a malformed object record. This is related to a "stray reference" during the parsing of Office Art records in Excel spreadsheets. An attacker who successfully exploits this issue could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Excel versions 2002 SP3, 2003 SP3, 2007 SP2, and 2010, update to a version that properly handles errors during the parsing of Office Art records. For Office for Mac versions 2004, 2008, and 2011, update to a version that correctly parses Office Art records in Excel spreadsheets. For Open XML File Format Converter for Mac, update to a version that properly handles specially crafted Excel files. For Excel Viewer version SP2, update to a version that correctly handles the parsing of Office Art records. At the moment, there is no information about a newer version that contains a fix for this vulnerability.