Microsoft Excel conditional formatting vulnerability

2008-03-14T00:00:00
ID SAINT:4FB2B8230025F5AED01D6CFE33244500
Type saint
Reporter SAINT Corporation
Modified 2008-03-14T00:00:00

Description

Added: 03/14/2008
CVE: CVE-2008-0117
BID: 28170
OSVDB: 42731

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.

Problem

A vulnerability in Microsoft Excel allows command execution when a user opens a file containing specially crafted conditional formatting values.

Resolution

See Microsoft Security Bulletin 08-014 for update information.

References

<http://www.microsoft.com/technet/security/bulletin/MS08-014.mspx>

Limitations

Exploit works on Microsoft Excel 2002 SP3 and requires a user to open a specially crafted file in Microsoft Excel.

Platforms

Windows 2000
Windows XP