Intrusion Prevention

MS.Excel.DVAL.Record.Memory.Corruption

Description

This indicates an attempt to exploit a vulnerability in Microsoft Excel that may allow an attacker to take complete control of an affected system.
The vulnerability exists in the way Excel processes data validation records when loading Excel files into memory. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment.

Affected Products

Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 2
2007 Microsoft Office System
Microsoft Office Excel Viewer 2003
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac

Impact

System compromise.

Recommended Actions

Microsoft has released security advisory MS08-014 to address this issue.
http://www.microsoft.com/technet/security/bulletin/MS08-014.mspx

CVE References

CVE-2008-0111