1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP MS Excel Conditional Formatting Code Exec

HTTP MS Excel Conditional Formatting Code Exec

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a vulnerability in Microsoft Excel which could lead to remote code execution.

Additional Information

A remote code execution vulnerability exists in the way Excel handles conditional formatting values. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment.

To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2008-0117.

Affected

  • Microsoft Office Excel 2000 Service Pack 3
  • Microsoft Office Excel 2002 Service Pack 3
  • Microsoft Office 2004 for Mac
  • Microsoft Office 2008 for Mac

Response

Download and install all vendor patches related to this issue.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube