CVE-2012-0185

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2007 SP2 through 2007 SP3 Microsoft Excel 2010 Gold and 2010 SP1 Microsoft Excel Viewer (affected versions not specified) Microsoft Office Compatibility Pack versions SP2 through SP3

Description A remote code execution issue exists in the way Microsoft Excel handles specially crafted Excel files, allowing attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Excel 2007 SP2 and SP3, update to a newer version to mitigate the risk. For Microsoft Excel 2010 Gold and 2010 SP1, update to a newer version to mitigate the risk. For Microsoft Excel Viewer, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Microsoft Office Compatibility Pack SP2 and SP3, update to a newer version to mitigate the risk.