Name:
MS.Excel.File.Import.Code.Execution
Released Date:
Apr 18 2008
Severity:
critical
CVE:
2008-0112
MS Bulletin:
MS08-014
Bugtraq:
28095

FortiGuard Center > Vulnerability Encyclopedia


In-Depth Analysis

Description
This indicates an attempt to exploit a vulnerability in Microsoft Excel 2000 and Office for Mac 2004 and 2008.

The vulnerability is a result of the software's failure to properly import malformed .SLK files. It allows user assisted remote attackers to execute arbitrary code via a crafted .SLK file.
 
Impact
System compromise: remote code execution.
 
Affected Products
Microsoft Excel 2000 SP3
Office for Mac 2004 and 2008
Aliases
References
http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx
http://www.securityfocus.com/bid/28095
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0112
Recommended Actions
Please refer to the following URL for the appropriate update or the patch:
http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx

 
 
SITE MAP  |  LEGAL NOTICES

      © 2003 FORTINET INC. ALL RIGHTS RESERVED