CVE-2008-0115

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2000 SP3 through 2007 Microsoft Excel Viewer 2003 Microsoft Office Compatibility Pack Microsoft Office for Mac 2004

Description The issue allows user-assisted remote attackers to execute arbitrary code via malformed formulas. A remote code execution vulnerability exists in the way Excel handles malformed formulas. An attacker could exploit the issue by sending a malformed file, which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment.

Recommendations For Microsoft Excel versions 2000 SP3 through 2007, consider avoiding the use of malformed formulas until a patch is available. For Microsoft Excel Viewer 2003, restrict access to malformed files to minimize the risk of exploitation. For Microsoft Office Compatibility Pack, avoid using the pack with malformed files until the issue is resolved. For Microsoft Office for Mac 2004, consider disabling the handling of malformed formulas as a temporary workaround until a patch is available.