Microsoft Excel contains a memory corruption vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system.
Microsoft Excel fails to properly validate parsing format files. When a file with a malformed parsing format files is opened in Excel, system memory can be corrupted in a way that may allow an attacker to execute arbitrary code.
More information is available in MS06-012
A remote unauthenticated attacker may be able to execute arbitrary code.
Apply a patch from your vendor
Microsoft addresses this vulnerability with the updates listed in Microsoft Security Bulletin MS06-012
Do not access Excel files from untrusted sources
By only accessing Excel files, such as spreadsheets, from trusted or known sources, the chances of exploitation are reduced.
Vendor| Status| Date Notified| Date Updated
Microsoft Corporation| | -| 14 Mar 2006
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
This issue was reported in Microsoft Security Bulletin MS06-012 . Microsoft credits TippingPoint and the Zero Day Initiative with providing information regarding these issues.
This document was written by Jeff Gennari.