CVE-2009-0557

Name of the Vulnerable Software and Affected Versions Microsoft Office Excel versions 2000 SP3 through 2003 SP3 Microsoft Office Excel versions 2007 SP1 through SP2 Microsoft Office Excel Viewer version 2003 SP3 Microsoft Office Excel Viewer (affected versions not specified) Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats versions SP1 through SP2 Open XML File Format Converter for Mac (affected versions not specified) Microsoft Office for Mac versions 2004 through 2008

Description A remote code execution issue exists in Microsoft Office Excel, allowing attackers to execute arbitrary code via a crafted Excel file with a malformed record object. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Office Excel versions 2000 SP3 through 2003 SP3, update to a newer version to mitigate the risk. For Microsoft Office Excel versions 2007 SP1 through SP2, update to a newer version to mitigate the risk. For Microsoft Office Excel Viewer version 2003 SP3, update to a newer version to mitigate the risk. For Microsoft Office Excel Viewer, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats versions SP1 through SP2, update to a newer version to mitigate the risk. For Open XML File Format Converter for Mac, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Microsoft Office for Mac versions 2004 through 2008, update to a newer version to mitigate the risk.