CVE-2007-0027
First published: Tue Jan 09 2007(Updated: )
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office Excel | =2000 | |
| Microsoft Office | =2000-sp3 | |
| Microsoft Office Excel | =2002 | |
| Microsoft Office | =xp-sp3 | |
| Microsoft Office Excel | =2003 | |
| Microsoft Office | =2003-sp2 | |
| Microsoft Office Excel Viewer | =2003 | |
| Microsoft Works Suite | =2004 | |
| Microsoft Works Suite | =2005 | |
| Microsoft Office | =2004 | |
| Microsoft Office | =v.x |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://securitytracker.com/id?1017487
- http://www.kb.cert.org/vuls/id/749964
- http://www.osvdb.org/31255
- http://www.securityfocus.com/archive/1/457274/100/0/threaded
- http://www.securityfocus.com/bid/21856
- http://www.us-cert.gov/cas/techalerts/TA07-009A.html
- http://www.vupen.com/english/advisories/2007/0103
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A119
Frequently Asked Questions
What is the severity of CVE-2007-0027?
CVE-2007-0027 is a critical vulnerability that allows remote code execution due to memory corruption.
How do I fix CVE-2007-0027?
To remediate CVE-2007-0027, users should update their affected Microsoft Office or Excel installations to the latest patches provided by Microsoft.
Which software versions are affected by CVE-2007-0027?
CVE-2007-0027 affects Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and several Microsoft Office versions including 2000, XP, and 2003.
Can CVE-2007-0027 be exploited through file attachments?
Yes, CVE-2007-0027 can be exploited when a user opens a malicious Excel file that contains crafted IMDATA records.
Is there a workaround for CVE-2007-0027?
While the best solution for CVE-2007-0027 is to apply patches, users can minimize risk by avoiding opening suspicious or unsolicited Excel files.
- agent/type
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/microsoft
- canonical/microsoft office excel
- version/microsoft office excel/2000
- canonical/microsoft office
- version/microsoft office/2000-sp3
- version/microsoft office excel/2002
- version/microsoft office/xp-sp3
- version/microsoft office excel/2003
- version/microsoft office/2003-sp2
- canonical/microsoft office excel viewer
- version/microsoft office excel viewer/2003
- canonical/microsoft works suite
- version/microsoft works suite/2004
- version/microsoft works suite/2005
- version/microsoft office/2004
- version/microsoft office/v.x