CVE-2007-3890

Name of the Vulnerable Software and Affected Versions: Microsoft Excel in Office 2000 SP3 Microsoft Excel in Office XP SP3 Microsoft Excel in Office 2003 SP2 Microsoft Excel in Office 2004 for Mac

Description: A remote code execution issue exists in the way Excel handles malformed Excel files. This could allow an attacker to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption. An attacker could exploit this by sending a malformed file, which could be included as an e-mail attachment, or hosted on a malicious or compromised Web site.

Recommendations: For Microsoft Excel in Office 2000 SP3, update to a version that is not affected by this issue. For Microsoft Excel in Office XP SP3, update to a version that is not affected by this issue. For Microsoft Excel in Office 2003 SP2, update to a version that is not affected by this issue. For Microsoft Excel in Office 2004 for Mac, update to a version that is not affected by this issue.