Arnaud Dovi

**Name of the Vulnerable Software and Affected Versions** Microsoft Office PowerPoint versions in Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac **Description** The issue arises from the improper parsing of the slide notes field in a document, allowing remote user-assisted attackers to execute arbitrary code via crafted data in this field. This triggers an erroneous object pointer calculation that uses data from within the document. A remote code execution vulnerability exists when PowerPoint parses a file that includes a malformed object pointer. **Recommendations** For Microsoft Office PowerPoint versions in Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac, consider avoiding the use of crafted or potentially malicious files until a patch is available. As a temporary workaround, restrict access to potentially malicious PowerPoint files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions 2000 through 2004 **Description** A remote code execution issue exists due to the processing of a malformed OBJECT record in Excel. This allows an attacker to execute arbitrary code via a specially crafted .xls file. An attacker could exploit this by constructing a malicious Excel file, potentially leading to remote code execution. **Recommendations** For Microsoft Excel versions 2000 through 2004, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office Excel versions 2000 through 2004 **Description** A remote code execution issue exists due to the processing of a malformed file. This allows attackers to execute arbitrary code via malformed cell comments, which lead to modification of `critical data offsets` during the rebuilding process. An attacker could exploit this by constructing a specially crafted Excel file. **Recommendations** For Microsoft Office Excel versions 2000 through 2004, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Microsoft Excel versions 2000 through 2003 Microsoft Office version 2000 SP3 Description: A remote code execution issue exists in Excel, related to the parsing of malformed file formats. This can be exploited by an attacker constructing a specially crafted Excel file, allowing for remote code execution. The issue involves memory corruption, probably due to invalid pointers, when parsing a BIFF format file containing malformed BOOLERR records. Recommendations: For Microsoft Excel versions 2000 through 2003, and Microsoft Office version 2000 SP3, consider disabling the parsing of BIFF format files until a patch is available. As a temporary workaround, restrict the use of Excel to open files from untrusted sources to minimize the risk of exploitation. Avoid using Excel to open specially crafted files that could contain malformed parsing format until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.