Overview
Microsoft has released a bulletin describing a remotely exploitable vulnerability in its Excel spreadsheet program. The vulnerability affects versions of Excel on Windows, MacOS 9, and MacOS X operating systems.
Description
There is a remotely exploitable vulnerability in Microsoft Excel which involves insufficient validation of certain parameters when opening files. According to Microsoft, attackers may be able to exploit this vulnerability and execute arbitrary code with the privleges of the user. The vulnerability affects versions of Excel on Windows, MacOS 9, and MacOS X operating systems. The updates in Microsoft Security Bulletin MS04-033 are replacements for the security updates in MS03-050. |
Impact
Microsoft has reported this vulnerability can be exploited by remote attackers and cause arbitrary code to be executed with the privileges of the user. |
Solution
Apply the Office update identified in Microsoft Security Bulletin MS04-033. |
Per Microsoft Security Bulletin MS04-033:
|
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Microsoft has credited Brett Moore of Security-Assessment.com for reporting this vulnerability.
This document was written by Jeffrey S. Havrilla.
Other Information
| CVE IDs: | CVE-2004-0846 |
| Severity Metric: | 45.25 |
| Date Public: | 2004-10-12 |
| Date First Published: | 2004-10-12 |
| Date Last Updated: | 2004-10-12 22:55 UTC |
| Document Revision: | 14 |