Remote Code Execution Vulnerability in Microsoft Excel Products
CVE-2008-0111

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office Compatibility Pack For Word Excel Ppt 2007; Office; Excel Viewer; Excel
Vendor: CVE Published:; 11 March 2008

Summary

A vulnerability exists in Microsoft Excel ranging from version 2000 SP3 to 2007, including the Viewer 2003, Compatibility Pack, and Office 2004 for Mac. This flaw allows a user-assisted remote attacker to execute arbitrary code by leveraging specially crafted data validation records. Users of affected Excel versions should apply security updates or consider alternative measures to safeguard their systems from potential exploitation by malicious actors.

References

http://www.securityfocus.com/bid/28094

vdb-entryx_refsource_BID

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/cas/techalerts/TA08-071A.html

third-party-advisoryx_refsource_CERT

EPSS Score

69% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 11, 2008
Vulnerability Reserved
Jan 7, 2008