Microsoft Office Remote Code Execution Vulnerability

  • Question


    Systems Affected

    • Microsoft Office 2000
    • Microsoft Office XP
    • Microsoft Office 2003
    • Microsoft Office 2004 for Mac


    A remote code execution vulnerability has been reported in Microsoft Office that could be exploited by an attacker to take complete control of the vulnerable system.


    The vulnerability is caused due to a memory corruption error while handling malformed strings in a Microsoft Office document.

    The attacker could exploit this vulnerability by creating a specially crafted MS Office file and sending the file as an email attachment. The attacker could also host a web site containing the specially crafted file and could persuade the user to visit the website, typically by getting them to click on a link to the website. Opening this crafted file could corrupt the system memory and allow the attacker to execute arbitrary code.

    Note: Malware Exploit-MSExcel.h (McAfee) related to the vulnerability is actively spreading in the wild and is currently known to be targeting Microsoft Excel.


    Do not open or save MS Office files received from untrusted sources or that are unexpectedly received from trusted sources.


    Apply appropriate patches as mentioned in Microsoft Security Bulletin MS07-014.





    CVE Name

    Wednesday, February 21, 2007 2:59 PM

All replies