Date Discovered: 9 Jan 2007
Date Published: 10 Jan 2007
Last Updated: 13 Aug 2008
Vulnerability ID: 34925 Discovered By: Jeff Gennari
Exploitable Locally: No Exploitable Remotely: Yes
Impact: A remote attacker can execute arbitrary code.
Root Cause: Software Vulnerability
Microsoft Excel contains a vulnerability that can allow a remote attacker to execute arbitrary code. The vulnerability is due to insufficient data validation when processing the IMDATA record of an Excel file. An attacker can persuade users to open a specially crafted Excel file to execute arbitrary code.
Back to top
-------------------------------------------------------------------------------For: Microsoft Office Excel 2002 SP3 x86 32 ENApply: officexp-KB925523-FullFileIf you have: Microsoft Office Excel 2002 SP3 x86 32 ENDownload: http://download.microsoft.com/download/2/7/6/2767578b-b40e-4a25-8ca1-2bdd03ca6945/officexp-KB925523-FullFile-ENU.exe-------------------------------------------------------------------------------For: Microsoft Office Excel 2000 SP3 x86 32 EN, Microsoft Office Excel 2002 SP3 x86 32 ENIf the vendor supplied patch is not available or installation is not feasible, the following steps can be used to limit exposure.1. Implement a firewall2. Install Anti-virus and Spyware detection software and ensure definitions are kept current3. Check for software updates on a regular basis; if updates are available apply them as soon as possible4. Use vigilance when opening HTML formatted emails, following links embedded in emails or links from an unknown source5. Use a non-administrative privileged account for general tasks6. Do not open files/links from untrusted or unconfirmed sources-------------------------------------------------------------------------------For: Microsoft Office Excel 2002 SP3 x86 32 ENApply: officexp-kb946976-fullfileIf you have: Microsoft Office Excel 2002 SP3 x86 32 ENDownload: http://download.microsoft.com/download/9/1/c/91c7447e-c30d-40cc-b7cb-6f5ceabbf2d6/officexp-KB946976-FullFile-ENU.exe-------------------------------------------------------------------------------For: Microsoft Office Excel 2002 SP3 x86 32 ENApply: officexp-kb940601-fullfileIf you have: Microsoft Office Excel 2002 SP3 x86 32 ENDownload: http://download.microsoft.com/download/e/0/b/e0b5d66d-dbf1-4c17-b668-d76b6d80bcc5/officexp-KB940601-FullFile-ENU.exe-------------------------------------------------------------------------------For: Microsoft Office Excel 2000 SP3 x86 32 ENApply: office2000-kb940596-fullfileIf you have: Microsoft Office Excel 2000 SP3 x86 32 ENDownload: http://download.microsoft.com/download/7/e/7/7e7c0f69-b699-4511-b83d-68925ee72786/office2000-kb940596-fullfile-enu.exe-------------------------------------------------------------------------------For: Microsoft Office Excel 2000 SP3 x86 32 ENApply: office2000-kb925524-v2-fullfileIf you have: Microsoft Office Excel 2000 SP3 x86 32 ENDownload: http://download.microsoft.com/download/6/0/0/600b3d06-df68-4789-8e88-e12f679d61d5/office2000-kb925524-v2-fullfile-enu.exeInstructions:Note: Patch installation may require the original installation media.-------------------------------------------------------------------------------For: Microsoft Office Excel 2002 SP3 x86 32 ENApply: officeXP-KB936513-fullfileIf you have: Microsoft Office Excel 2002 SP3 x86 32 ENDownload: http://download.microsoft.com/download/0/d/2/0d2934f9-f512-48dc-a69c-9016d7a643d8/officexp-KB936513-FullFile-ENU.exe-------------------------------------------------------------------------------For: Microsoft Office Excel 2000 SP3 x86 32 ENApply: office2000-kb946979-fullfileIf you have: Microsoft Office Excel 2000 SP3 x86 32 ENDownload: http://download.microsoft.com/download/a/a/1/aa1de7c0-8713-4afd-9ff3-27aa690a50c0/office2000-KB946979-FullFile-ENU.exe-------------------------------------------------------------------------------For: Microsoft Office Excel 2002 SP3 x86 32 ENApply: officexp-KB934453-FullFileIf you have: Microsoft Office Excel 2002 SP3 x86 32 ENDownload: http://download.microsoft.com/download/a/d/3/ad3fe1e5-4018-44a8-8819-640e2393d9f7/officexp-KB934453-FullFile-ENU.exe-------------------------------------------------------------------------------For: Microsoft Office Excel 2000 SP3 x86 32 ENApply: office2000-kb934447-fullfileIf you have: Microsoft Office Excel 2000 SP3 x86 32 ENDownload: http://download.microsoft.com/download/7/3/e/73e3b51c-4cd1-428d-b5e9-d841bc94286c/office2000-kb934447-fullfile-enu.exeInstructions:Note: Patch installation may require the original installation media.-------------------------------------------------------------------------------For: Microsoft Office Excel 2002 SP3 x86 32 ENApply: officeXP-kb951551-fullfileIf you have: Microsoft Office Excel 2002 SP3 x86 32 ENDownload: http://download.microsoft.com/download/8/c/3/8c3a3c79-033f-423c-89a6-117f609a55e5/officexp-KB951551-FullFile-ENU.exeInstructions:Note: This patch may require the installation media during installation.-------------------------------------------------------------------------------For: Microsoft Office Excel 2000 SP3 x86 32 ENApply: office2000-kb936511-clientIf you have: Microsoft Office Excel 2000 SP3 x86 32 ENDownload: http://download.microsoft.com/download/9/9/e/99e37629-a1d1-4bdb-bc0b-8101e558f05b/office2000-kb936511-client-enu.exe-------------------------------------------------------------------------------For: Microsoft Office Excel 2000 SP3 x86 32 ENApply: office2000-kb951582-fullfileIf you have: Microsoft Office Excel 2000 SP3 x86 32 ENDownload: http://download.microsoft.com/download/f/6/4/f640a7e5-3698-4d9a-b9e9-8b17a39915e1/office2000-KB951582-FullFile-ENU.exeInstructions:Note: This patch may require the installation media during installation.
Microsoft: Microsoft Office Excel 2000 SP3 x86 32 ENMicrosoft: Microsoft Office Excel 2002 SP3 x86 32 EN
Microsoft: MS07-002Mitre CVE: CVE-2007-0027