Intrusion Prevention

MS.Excel.Workspace.Designation.Remote.Code.Execution

Description

This indicates an attempt to exploit a remote code execution vulnerability in Microsoft Excel.
The vulnerability can be exploited via a malformed Excel file with the "denoting [of] the start of a Workspace designation". This results in memory corruption. A remote attacker can crash Microsoft Excel and may also be able to execute arbitrary code. Aka the "Workbook Memory Corruption Vulnerability".

Affected Products

Microsoft Excel Viewer 2003
Microsoft Excel 2003 SP2
Microsoft Excel 2002 SP3
Microsoft Excel 2000 SP3

Impact

System compromise: possible remote code execution.

Recommended Actions

Apply patch, available from the Web site.
http://www.microsoft.com/technet/security/Bulletin/MS07-036.mspx

CVE References

CVE-2007-3030