Intrusion Prevention

MS.Excel.SLK.File.Import.Code.Execution

Description

This indicates an attempt to exploit a vulnerability in Microsoft Excel 2000 and Office for Mac 2004 and 2008.
The vulnerability is a result of the software's failure to properly import malformed .SLK files. It allows user assisted remote attackers to execute arbitrary code via a crafted .SLK file.

Affected Products

Microsoft Excel 2000 SP3
Office for Mac 2004 and 2008

Impact

System compromise: remote code execution.

Recommended Actions

Please refer to the following URL for the appropriate update or the patch:
http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx

CVE References

CVE-2008-0112