Reported October 12, 2004, by Microsoft

VERSIONS AFFECTED

  • Microsoft Office XP (SP2 and Prior)
  • Microsoft Office 2000 (SP3 and Prior)
  • Microsoft Office 2001 and prior for MacIntosh

DESCRIPTION
A vulnerability in the Microsoft Excel could result in the arbitrary execution of code on the vulnerable system. This vulnerability is a result of an unchecked buffer, and a potential attacker who successfully exploited the vulnerability could take complete control of an affected system.

VENDOR RESPONSE
Microsoft has released bulletin MS04-033, "Vulnerability in Microsoft Excel Could Allow Remote Code Execution (886836)," to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin.

CREDIT
Discovered by Brett Moore.