PT-2007-1697 · Microsoft · Excel Viewer 2003 +4

Published: 2007-05-08 · Updated: 2018-10-16 · CVE-2007-0215

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Excel 2000 SP3
Microsoft Excel 2002 SP3
Microsoft Excel 2003 SP2
Microsoft Excel 2003 Viewer

Description

A remote code execution issue exists due to the way Excel handles files with malformed BIFF records. This could be exploited by an attacker constructing a specially crafted Excel file, potentially included in an e-mail attachment or hosted on a malicious website, allowing for remote code execution. The issue arises from a stack-based buffer overflow via a .XLS BIFF file with a malformed Named Graph record, resulting in memory corruption.

Recommendations

For Microsoft Excel 2000 SP3, update to a version that includes the fix for this issue.
For Microsoft Excel 2002 SP3, update to a version that includes the fix for this issue.
For Microsoft Excel 2003 SP2, update to a version that includes the fix for this issue.
For Microsoft Excel 2003 Viewer, update to a version that includes the fix for this issue.

As a temporary workaround, consider avoiding the use of .XLS files from untrusted sources until a patch is available.

Fix

Related Identifiers

CVE-2007-0215

Affected Products

Excel 2000
Excel 2002
Excel 2003
Excel Viewer 2003
Office Excel