PT-2008-4866 · Microsoft · Office+4

Wushi · Published 2008-10-14 · Updated 2022-02-09 · CVE-2008-3471

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Microsoft Excel versions 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
Office Excel Viewer 2003 SP3
Office Excel Viewer
Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1
Office 2004 and 2008 for Mac
Open XML File Format Converter for Mac

Description

The issue is related to a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a BIFF file with a malformed record. This is triggered by a user-influenced size calculation. A remote code execution vulnerability exists due to improper memory allocation when loading Excel objects, which could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file.

Recommendations

For Microsoft Excel 2000 SP3, update to a newer version to mitigate the risk.
For Microsoft Excel 2002 SP3, update to a newer version to mitigate the risk.
For Microsoft Excel 2003 SP2 and SP3, update to a newer version to mitigate the risk.
For Microsoft Excel 2007 Gold and SP1, update to a newer version to mitigate the risk.
For Office Excel Viewer 2003 SP3, update to a newer version to mitigate the risk.
For Office Excel Viewer, update to a newer version to mitigate the risk.
For Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1, update to a newer version to mitigate the risk.
For Office 2004 and 2008 for Mac, update to a newer version to mitigate the risk.
For Open XML File Format Converter for Mac, update to a newer version to mitigate the risk.

As a temporary workaround, consider avoiding the use of BIFF files with malformed records until a patch is available.

Fix

RCE

Memory Corruption

Weakness Enumeration

Related identifiers

CVE-2008-3471

Affected products

Office Excel
Office
Office Compatibility Pack For Word
Office Excel Viewer
Open XML File Format Converter for Mac