CVE-2009-0100

Name of the Vulnerable Software and Affected Versions Microsoft Office Excel versions 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 Excel in Microsoft Office 2004 and 2008 for Mac Microsoft Office Excel Viewer and Excel Viewer 2003 SP3 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1

Description A remote code execution issue exists due to improper parsing of the Excel spreadsheet file format. This allows remote attackers to execute arbitrary code via a crafted spreadsheet containing a malformed object, which triggers a memory calculation error. If successfully exploited, an attacker could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Office Excel 2000 SP3, update to a newer version to mitigate the risk. For Microsoft Office Excel 2002 SP3, update to a newer version to mitigate the risk. For Microsoft Office Excel 2003 SP3, update to a newer version to mitigate the risk. For Microsoft Office Excel 2007 SP1, update to a newer version to mitigate the risk. For Excel in Microsoft Office 2004 and 2008 for Mac, update to a newer version to mitigate the risk. For Microsoft Office Excel Viewer and Excel Viewer 2003 SP3, update to a newer version to mitigate the risk. For Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1, update to a newer version to mitigate the risk. As a temporary workaround, consider avoiding the use of malformed objects in Excel files until a patch is available.