CVE-2010-0261

Name of the Vulnerable Software and Affected Versions Microsoft Office Excel 2007 versions SP1 through SP2 Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats versions SP1 through SP2

Description A remote code execution issue exists in the way Microsoft Office Excel handles specially crafted Excel files, potentially allowing attackers to execute arbitrary code via a crafted spreadsheet. This can occur when a MDXSET record is broken up into several records. An attacker who successfully exploits this issue could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Office Excel 2007 versions SP1 and SP2, update to a version that is not affected by this issue. For Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats versions SP1 and SP2, update to a version that is not affected by this issue. As a temporary workaround, consider avoiding the use of crafted Excel files that could trigger the MDXSET record heap overflow until a patch is available.