PT-2006-1119 · Microsoft · Office+4
Arnaud Dovi +1 · Published 2006-03-14 · Updated 2018-10-19 · CVE-2006-0028
CVSS v2.0: 5.1 (Medium)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
Microsoft Excel versions 2000 through 2003
Microsoft Office version 2000 SP3
Description:
A remote code execution issue exists in Excel, related to the parsing of malformed files. An attacker can exploit it by constructing a specially crafted Excel file. The issue involves memory corruption, probably due to invalid pointers, when parsing a BIFF format file containing malformed BOOLERR records.
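A structural check for BOOLERR records in a raw BIFF8 workbook stream, as an added example (not code from this advisory or from Microsoft). It assumes the stream has already been extracted from the .xls container and uses the public BIFF8 layout (record type 0x0205, 8-byte body); the advisory does not say which field triggers the bug, so the check flags any BOOLERR record that deviates from that layout.

```python
import struct

BOOLERR = 0x0205      # BIFF3-BIFF8 record type for a boolean/error cell
BOOLERR_LEN = 8       # row(2) col(2) XF index(2) value(1) is-error flag(1)
ERROR_CODES = {0x00, 0x07, 0x0F, 0x17, 0x1D, 0x24, 0x2A, 0x2B}  # #NULL! .. #N/A

def iter_records(stream):
    """Yield (offset, type, body); raise if a record overruns the stream."""
    pos = 0
    while pos < len(stream):
        if pos + 4 > len(stream):
            raise ValueError(f"truncated record header at offset {pos}")
        rtype, rlen = struct.unpack_from("<HH", stream, pos)
        end = pos + 4 + rlen
        if end > len(stream):
            raise ValueError(f"record 0x{rtype:04X} at offset {pos} overruns the stream")
        yield pos, rtype, stream[pos + 4:end]
        pos = end

def check_boolerr(stream):
    """Return (offset, reason) for every structurally invalid BOOLERR record."""
    findings = []
    try:
        for off, rtype, body in iter_records(stream):
            if rtype != BOOLERR:
                continue
            if len(body) != BOOLERR_LEN:
                findings.append((off, f"length {len(body)}, expected {BOOLERR_LEN}"))
                continue
            value, is_err = body[6], body[7]
            if is_err not in (0, 1):
                findings.append((off, f"is-error flag {is_err} is not 0 or 1"))
            elif is_err and value not in ERROR_CODES:
                findings.append((off, f"unknown error code 0x{value:02X}"))
            elif not is_err and value > 1:
                findings.append((off, f"boolean value {value} is not 0 or 1"))
    except ValueError as exc:
        # Framing is broken, so nothing after this point can be trusted.
        findings.append((None, str(exc)))
    return findings

def rec(rtype, body=b""):
    """Build one BIFF record: 2-byte type, 2-byte length, body."""
    return struct.pack("<HH", rtype, len(body)) + body

# Constructed sample stream: BOF, one valid BOOLERR, two malformed ones, EOF.
SAMPLE = (rec(0x0809, struct.pack("<HH", 0x0600, 0x0010) + bytes(12))
          + rec(BOOLERR, struct.pack("<HHHBB", 0, 0, 15, 0x07, 1))
          + rec(BOOLERR, bytes(4))
          + rec(BOOLERR, struct.pack("<HHHBB", 1, 0, 15, 0x99, 1))
          + rec(0x000A))
```

Calling `check_boolerr(SAMPLE)` reports the short record and the record with the unknown error code by stream offset; a file with any finding is a candidate for quarantine rather than opening in Excel.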
Recommendations:
For Microsoft Excel versions 2000 through 2003 and Microsoft Office version 2000 SP3, consider disabling the parsing of BIFF format files until a patch is available.
As a temporary workaround, restrict the use of Excel for opening files from untrusted sources to minimize the risk of exploitation.
Avoid using Excel to open specially crafted files that could contain malformed data until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Related Identifiers
Affected Products
Office Excel
Office
Office Powerpoint
Office Word
Outlook