Intrusion Prevention

MS.Excel.Formula.Parsing.Code.Execution

Description

This indicates an attempt to exploit a vulnerability in Microsoft Excel that may allow an attacker to take complete control of an affected system.
The vulnerability exists in the way Excel handles Formula data when opening an Excel file. The vulnerability is caused by a memory handling error in Excel if a user opens a specially crafted Excel file when validating Style record information.

Affected Products

Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 2
2007 Microsoft Office System
Microsoft Office Excel Viewer 2003
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Microsoft Excel 2000 Service Pack 3
Microsoft Excel 2002 Service Pack 3
Microsoft Excel 2003 Service Pack 2
Microsoft Excel 2007

Impact

System compromise.

Recommended Actions

Microsoft has released security advisory MS08-014 to address this issue.
http://www.microsoft.com/technet/security/bulletin/MS08-014.mspx

CVE References

CVE-2008-0115