CVE-2008-0081

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2000 SP3 through 2003 SP2 Microsoft Excel Viewer 2003 Microsoft Office 2004 for Mac

Description The issue allows user-assisted remote attackers to execute arbitrary code via crafted macros. A remote code execution vulnerability exists in the way Excel handles macros when opening specially crafted Excel files. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment.

Recommendations For Microsoft Excel versions 2000 SP3 through 2003 SP2, consider disabling macro execution until a patch is available. For Microsoft Excel Viewer 2003, restrict access to specially crafted Excel files to minimize the risk of exploitation. For Microsoft Office 2004 for Mac, avoid opening Excel files from untrusted sources until the issue is resolved.