# Microsoft Excel Unspecified Code Execution Vulnerability (Highly critical)



## jgvernonco (Sep 13, 2003)

Microsoft Excel Unspecified Code Execution Vulnerability

SECUNIA ADVISORY ID:
SA12800

VERIFY ADVISORY:
http://secunia.com/advisories/12800/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Microsoft Excel 2000
http://secunia.com/product/3054/
Microsoft Office 2001 for Mac
http://secunia.com/product/4044/
Microsoft Excel 2002
http://secunia.com/product/4043/
Microsoft Office 2000
http://secunia.com/product/24/
Microsoft Office v. X for Mac
http://secunia.com/product/2610/
Microsoft Office XP
http://secunia.com/product/23/

DESCRIPTION:
Brett Moore has reported a vulnerability in Microsoft Excel, which
can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error when handling
Excel files and can be exploited to execute arbitrary code on a user's
system.

Successful exploitation requires that a user is tricked into opening
a malicious Excel file or visit a malicious web site.

SOLUTION:
Apply patches.

Microsoft Office 2000 (requires Service Pack 3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=B0C40C24-4DDE-45AF-8433-6DBDDD030C30

Microsoft Office XP (requires Service Pack 2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=5E0FADD3-1554-4C43-9B4A-D5E031478892

Microsoft Office 2001 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9889BEAE-4771-415D-8070-3E51F4CC7AE3

Microsoft Office v. X for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyId=148E9283-4DF8-4A75-9671-CC72E6306B84

PROVIDED AND/OR DISCOVERED BY:
Brett Moore

ORIGINAL ADVISORY:
MS04-033 (KB886836):
http://www.microsoft.com/technet/security/bulletin/ms04-033.mspx


----------

