Summary
This host is installed with Microsoft Office Excel which is prone to arbitrary code execution vulnerability.
Impact
Successful exploitation will allow attackers to execute arbitrary code or or cause denial of service condition via a crafted XLS file.
Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
An error exists in the Microsoft Office Excel Viewer and Excel when handling crafted '.xls' files.
Affected
Microsoft Excel Viewer 2007 Service Pack 3 and prior Microsoft Office 2007 Service Pack 2 and Service Pack 3
References
Severity
Classification
-
CVE CVE-2012-5672 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Microsoft SharePoint '_layouts/help.aspx' Cross Site Scripting Vulnerability
- MS IE Information Disclosure and Web Site Spoofing Vulnerabilities
- BitDefender Internet Security 2009 XSS Vulnerability
- Microsoft Windows Minimum Certificate Key Length Spoofing Vulnerability (2661254)
- PuTTY SSH2 authentication password persistence weakness