CVE-2009-3130

Name of the Vulnerable Software and Affected Versions: Microsoft Office Excel 2002 SP3 Office 2004 for Mac Office 2008 for Mac Open XML File Format Converter for Mac

Description: A heap-based buffer overflow issue exists in the way Microsoft Office Excel handles specially crafted Excel files with malformed Binary File Format (BIFF) records. This allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed BIFF record that triggers memory corruption. An attacker who successfully exploits this issue could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations: For Microsoft Office Excel 2002 SP3, update to a version that includes the fix for this issue. For Office 2004 for Mac, update to a version that includes the fix for this issue. For Office 2008 for Mac, update to a version that includes the fix for this issue. For Open XML File Format Converter for Mac, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of BIFF records in Excel files until a patch is available.