CVE-2009-0560

Name of the Vulnerable Software and Affected Versions Microsoft Office Excel versions in Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2004, Office 2008 for Mac, 2007 Microsoft Office System SP1, and SP2 Open XML File Format Converter for Mac Microsoft Office Excel Viewer 2003 SP3 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2

Description A remote code execution issue exists in Microsoft Office Excel, allowing attackers to execute arbitrary code via a crafted Excel file with a malformed record object. If successfully exploited, an attacker could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Office Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2004, Office 2008 for Mac, 2007 Microsoft Office System SP1, and SP2, update to a version that includes the fix for this issue. For Open XML File Format Converter for Mac, Microsoft Office Excel Viewer 2003 SP3, Microsoft Office Excel Viewer, and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of malformed record objects in Excel files until a patch is available.