Microsoft Excel Multiple Vulnerabilities( 15 October 2008 )

1. Calendar Object Validation Vulnerability

A remote code execution vulnerability exists in the way Excel processes a VBA Performance Cache. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file in a VBA Performance Cache. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

2. File Format Parsing Vulnerability

A remote code execution vulnerability exists in Microsoft Excel as a result of improper memory allocation when loading Excel objects. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

3. Formula Parsing Vulnerability

The specific flaw exists when parsing Microsoft Excel documents containing a specially crafted formula embedded inside a cell. This can result in a remote compromise of the system under the context of the currently logged in user.