CVE-2008-0117

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2000 SP3 and 2002 SP2 Microsoft Office versions 2004 and 2008 for Mac

Description The issue allows remote attackers to execute arbitrary code via crafted conditional formatting values. A remote code execution vulnerability exists in the way Excel handles conditional formatting values. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment.

Recommendations For Microsoft Excel 2000 SP3, update to a version that is not affected by this issue. For Microsoft Excel 2002 SP2, update to a version that is not affected by this issue. For Microsoft Office 2004 for Mac, update to a version that is not affected by this issue. For Microsoft Office 2008 for Mac, update to a version that is not affected by this issue. As a temporary workaround, consider avoiding the use of conditional formatting values in Excel until a patch is available.