CVE-2008-4266

Name of the Vulnerable Software and Affected Versions: Microsoft Office Excel versions 2000 SP3 through 2003 SP3 Excel Viewer 2003 Gold and SP3 Office 2004 and 2008 for Mac Open XML File Format Converter for Mac

Description: A remote code execution issue exists due to stack corruption when loading Excel records. This could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed object. An attacker who successfully exploits this issue could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations: For Microsoft Office Excel versions 2000 SP3 through 2003 SP3, update to a version that is not affected by this issue. For Excel Viewer 2003 Gold and SP3, consider disabling the ability to open specially crafted Excel files until a patch is available. For Office 2004 and 2008 for Mac, restrict access to malformed Excel objects to minimize the risk of exploitation. For Open XML File Format Converter for Mac, avoid using the converter with specially crafted Excel files until the issue is resolved.