1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Excel Remote Code Exec CVE-2008-0081

HTTP Excel Remote Code Exec CVE-2008-0081

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a vulnerability in Microsoft Excel which could lead to remote code execution.

Additional Information

Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite.

The application is prone to a remote code-execution vulnerability due to an unspecified error.

An attacker may exploit this issue by enticing an unsuspecting victim to open a specially crafted '.xls' Excel file with malformed header information.

Successful exploits will allow the attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Affected

  • Microsoft Excel 2000
  • Microsoft Excel 2002
  • Microsoft Excel 2003 SP2, SP3
  • Microsoft Excel 2004 for Mac
  • Microsoft Excel 2007 SP1
  • Microsoft Excel 2008 for Mac
  • Microsoft Excel Viewer 2003
  • Microsoft IIS 2007

Response

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube