Yoshiya Sasaki

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions 2000 SP3 Office for Mac versions 2004 and 2008 **Description** The issue allows remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file. This can occur when an attacker sends a malformed .slk file, which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment, and then imports it into Excel. **Recommendations** For Microsoft Excel 2000 SP3, consider avoiding the import of .SLK files from untrusted sources until a fix is available. For Office for Mac 2004 and 2008, restrict the import of .SLK files to trusted sources to minimize the risk of exploitation.