A memory corruption vulnerability exists in Microsoft Office Excel. The vulnerability is due to improper parsing of a malformed Excel file. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user.

In an attack scenario where arbitrary code is successfully injected and executed on the target machine the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access.

Microsoft has provided patches to address this vulnerability at:

http://www.microsoft.com/technet/security/bulletin/ms10-057.mspx

• Microsoft Office 2002
• Microsoft Office 2003
• Microsoft Office Open XML File Format Converter for Mac
• Microsoft Office 2004 for Mac .
• Microsoft Office 2008 for Mac .

• Access vector is NETWORK
• Access complexity is MEDIUM
• Level of authentication required is NONE
• Impact of this vulnerability on data confidentiality is PARTIAL
• Impact of this vulnerability on data integrity is PARTIAL
• Impact of this vulnerability on data availability is PARTIAL

• The exploitability level of this vulnerability is UNPROVEN
• The remediation level of this vulnerability is OFFICIAL FIX
• The report confidence level of this vulnerability is CONFIRMED