CVE-2008-0114

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2000 SP3 through 2003 SP2 Microsoft Excel Viewer 2003 Microsoft Office for Mac 2004

Description The issue allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption. A remote code execution vulnerability exists in the way Excel handles Style record data when opening Excel files. An attacker could exploit the issue by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment.

Recommendations For Microsoft Excel versions 2000 SP3 through 2003 SP2, consider avoiding the use of Style records in Excel files until a fix is available. For Microsoft Excel Viewer 2003, restrict the opening of Excel files from untrusted sources to minimize the risk of exploitation. For Microsoft Office for Mac 2004, avoid using the affected version to open Excel files from unknown or untrusted sources until the issue is resolved.