CVE-2012-1886

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2003 SP3, 2007 SP2 and SP3, and 2010 SP1 Excel Viewer Office Compatibility Pack versions SP2 and SP3

Description A remote code execution issue exists in the way Microsoft Excel handles specially crafted Excel files, potentially allowing an attacker to execute arbitrary code or cause a denial of service due to memory corruption. An attacker who successfully exploits this issue could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Excel versions 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, update to a version that is not affected by this issue. For Excel Viewer, consider disabling the handling of crafted Excel files until a patch is available. For Office Compatibility Pack versions SP2 and SP3, restrict the opening of specially crafted Excel files to minimize the risk of exploitation.