CVE-2012-1887

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2003 SP3, 2007 SP2 and SP3, and 2010 SP1 Office versions 2008 and 2011 for Mac

Description A use-after-free issue allows remote attackers to execute arbitrary code via a crafted spreadsheet. This is a remote code execution vulnerability in the way that Microsoft Excel handles specially crafted Excel files, which could allow an attacker to take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Excel 2003 SP3, consider applying a patch or update to fix the issue. For Microsoft Excel 2007 SP2 and SP3, update to a newer version or apply a patch to resolve the vulnerability. For Microsoft Excel 2010 SP1, apply a security update to mitigate the risk. For Office 2008 and 2011 for Mac, update to a newer version or apply a patch to fix the issue.