CVE-2011-1990

Name of the Vulnerable Software and Affected Versions Microsoft Excel 2007 SP2 Excel in Office 2007 SP2 Excel Viewer SP2 Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 Excel Services on Office SharePoint Server 2007 SP2

Description The issue is related to the improper validation of the sign of an unspecified array index in Microsoft Excel, allowing remote attackers to execute arbitrary code via a crafted spreadsheet. This vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files, which could allow an attacker to take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Excel 2007 SP2, consider disabling the handling of specially crafted Excel files until a patch is available. For Excel in Office 2007 SP2, restrict access to the vulnerable Excel functionality to minimize the risk of exploitation. For Excel Viewer SP2, avoid using the vulnerable Excel Viewer to open specially crafted Excel files until the issue is resolved. For Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2, consider uninstalling the pack until a fixed version is available. For Excel Services on Office SharePoint Server 2007 SP2, restrict access to the Excel Services to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.