Excel Remote Code Execution Vulnerability in Microsoft Products
CVE-2008-0116

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office; Office Compatibility Pack For Word Excel Ppt 2007; Excel Viewer; Excel
Vendor: CVE Published:; 11 March 2008

Summary

The vulnerability in Microsoft Excel occurs due to improper validation of rich text format tags. This flaw can be exploited by attackers to execute arbitrary code on a victim's machine when a user is tricked into opening a specially crafted document. The affected versions include Excel 2000 SP3 through 2003 SP2, as well as the Viewer and Compatibility Pack. Users of Office for Mac 2004 and 2008 are also at risk. Prompt patching and security updates are essential to mitigate this threat.

References

http://www.securityfocus.com/bid/28168

vdb-entryx_refsource_BID

http://dvlabs.tippingpoint.com/advisory/TPTI-08-03

x_refsource_MISC

http://www.us-cert.gov/cas/techalerts/TA08-071A.html

third-party-advisoryx_refsource_CERT

EPSS Score

74% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 11, 2008
Vulnerability Reserved
Jan 7, 2008