Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms.
Microsoft Excel references an uninitialized pointer if a spreadsheet contains an improperly placed rtAFDesc record. This can lead to arbitrary command execution when a user opens a specially crafted file.
Refer to Microsoft Security Advisory 947563 and apply a patch when available.
Exploit works on Microsoft Excel 2003 Service Pack 2 with patch KB940602 and requires a user to open the exploit file in Microsoft Excel.
The success of this exploit may depend on the state of the target system at the time the exploit is attempted.
Windows XP SP1
Windows XP SP2