CVE-2008-3003

Name of the Vulnerable Software and Affected Versions Microsoft Office Excel 2007 Gold and SP1

Description The issue allows local users to obtain sensitive information and gain access to a remote data source. This is due to the improper deletion of the PWD string from connections.xml when a .xlsx file is configured not to save the remote data session password. An elevation of privilege exists when data connections are made to remote data sources, potentially allowing an attacker to gain access to a secured remote data source by opening a specially configured .xlsx file.

Recommendations For Microsoft Office Excel 2007 Gold and SP1, consider disabling the ability to open .xlsx files that have been configured not to store credentials to remote data sources until a fix is available. Restrict access to sensitive remote data sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.