CVE-2013-3889

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT Office versions 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT Office for Mac version 2011 Excel Viewer (affected versions not specified) Office Compatibility Pack version SP3 Excel Services and Word Automation Services in SharePoint Server version 2013

Description A remote code execution issue exists in the way that Microsoft Excel and other affected Microsoft Office services parse content in specially crafted files. An attacker who successfully exploits this issue could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights.

Recommendations For Microsoft Excel versions 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT, update to a version that includes the fix for this issue. For Office versions 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT, update to a version that includes the fix for this issue. For Office for Mac version 2011, update to a version that includes the fix for this issue. For Excel Viewer, at the moment, there is no information about a newer version that contains a fix for this issue. For Office Compatibility Pack version SP3, update to a version that includes the fix for this issue. For Excel Services and Word Automation Services in SharePoint Server version 2013, update to a version that includes the fix for this issue.