PT-2008-1766 · Microsoft · Office Excel+3
Greg Macmanus
Published: 2008-03-11 · Updated: 2018-10-12
CVE-2008-0111
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Microsoft Excel versions 2000 SP3 through 2007
Microsoft Excel Viewer 2003
Microsoft Office Compatibility Pack
Microsoft Office 2004 for Mac
Description
The issue allows user-assisted remote attackers to execute arbitrary code via crafted data validation records. A remote code execution vulnerability exists in the way Excel processes data validation records when loading Excel files into memory. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment.
Recommendations
For Microsoft Excel versions 2000 SP3 through 2007, consider avoiding the use of data validation records until a patch is available.
For Microsoft Excel Viewer 2003, restrict access to loading Excel files from untrusted sources to minimize the risk of exploitation.
For Microsoft Office Compatibility Pack, avoid using the pack to open Excel files from unknown sources until the issue is resolved.
For Microsoft Office 2004 for Mac, as a temporary workaround, consider disabling the loading of Excel files with data validation records until a patch is available.
Exploit
Fix
RCE
Code Injection
Weakness Enumeration
Related identifiers
Affected products
Office Excel
Excel Viewer
Office
Office Compatibility Pack