CVE-2007-0028

Published: Jan 9, 2007Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.

Affected (11)

Products: Microsoft: Excel, Office, Excel Viewer, Works

4 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Excel	Version 2000
Microsoft Office	Version 2000 sp3

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Excel	Version 2002
Microsoft Office	Version xp sp3

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Excel	Version 2003
Microsoft Office	Version 2003 sp2

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Excel Viewer	Version 2003
Microsoft Works	Version 2004
Microsoft Works	Version 2005

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Office	Version 2004
Microsoft Office	Version v.x

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (24)

http://secunia.com/advisories/23676

Source: secure@microsoft.com

Vendor Advisory

http://securitytracker.com/id?1017485

Source: secure@microsoft.com

http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-30.html

Source: secure@microsoft.com

http://www.fortinet.com/FortiGuardCenter/advisory/FGA-2007-01.html

Source: secure@microsoft.com

http://www.kb.cert.org/vuls/id/493185

Source: secure@microsoft.com

PatchUS Government Resource

http://www.osvdb.org/31249

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/457274/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/bid/21952

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA07-009A.html

Source: secure@microsoft.com

US Government Resource

http://www.vupen.com/english/advisories/2007/0103

Source: secure@microsoft.com

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A768

Source: secure@microsoft.com

http://secunia.com/advisories/23676

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1017485

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-30.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.fortinet.com/FortiGuardCenter/advisory/FGA-2007-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/493185

Source: af854a3a-2127-422b-91ae-364da2661108

PatchUS Government Resource

http://www.osvdb.org/31249

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/457274/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/21952

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA07-009A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2007/0103

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A768

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.