Microsoft Excel Opcode Handling Unspecified Remote Code Execution Vulnerability

BID:21952

Info

Microsoft Excel Opcode Handling Unspecified Remote Code Execution Vulnerability

Bugtraq ID: 21952
Class: Boundary Condition Error
CVE: CVE-2007-0028
Remote: Yes
Local: No
Published: Jan 09 2007 12:00AM
Updated: Feb 01 2007 05:58PM
Credit: Jie Ma discovered this vulnerability.
Vulnerable: Microsoft Works Suite 2006 0
Microsoft Works Suite 2005 0
Microsoft Works Suite 2004
Microsoft Office XP SP3
+ Microsoft Excel 2002 SP3
 + Microsoft Excel 2002 SP3
 + Microsoft FrontPage 2002 SP3
 + Microsoft FrontPage 2002 SP3
 + Microsoft Outlook 2002 SP3
 + Microsoft Outlook 2002 SP3
 + Microsoft PowerPoint 2002 SP3
 + Microsoft PowerPoint 2002 SP3
 + Microsoft Publisher 2002 SP3
 + Microsoft Publisher 2002 SP3
 Microsoft Office XP SP2
- Microsoft Windows 2000 Professional SP3
 - Microsoft Windows 2000 Professional SP2
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
 - Microsoft Windows NT Workstation 4.0 SP6
 - Microsoft Windows NT Workstation 4.0 SP5
 - Microsoft Windows NT Workstation 4.0 SP4
 - Microsoft Windows NT Workstation 4.0 SP3
 - Microsoft Windows NT Workstation 4.0 SP2
 - Microsoft Windows NT Workstation 4.0 SP1
 - Microsoft Windows NT Workstation 4.0
 - Microsoft Windows XP Home SP1
 - Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
 - Microsoft Windows XP Professional
Microsoft Office XP SP1
- Microsoft Windows 2000 Professional SP2
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
 - Microsoft Windows NT Workstation 4.0 SP6
 - Microsoft Windows NT Workstation 4.0 SP5
 - Microsoft Windows NT Workstation 4.0 SP4
 - Microsoft Windows NT Workstation 4.0 SP3
 - Microsoft Windows NT Workstation 4.0 SP2
 - Microsoft Windows NT Workstation 4.0 SP1
 - Microsoft Windows NT Workstation 4.0
 - Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Office XP
- Microsoft Windows 2000 Professional SP2
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
 - Microsoft Windows NT Workstation 4.0 SP6
 - Microsoft Windows NT Workstation 4.0 SP5
 - Microsoft Windows NT Workstation 4.0 SP4
 - Microsoft Windows NT Workstation 4.0 SP3
 - Microsoft Windows NT Workstation 4.0 SP2
 - Microsoft Windows NT Workstation 4.0 SP1
 - Microsoft Windows NT Workstation 4.0
 - Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Office v. X
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
Microsoft Office 2004 for Mac 0
Microsoft Office 2003 SP2
Microsoft Office 2003 SP1
Microsoft Office 2003 0
+ Microsoft Excel 2003
+ Microsoft FrontPage 2003
+ Microsoft InfoPath 2003
+ Microsoft OneNote 2003 0
 + Microsoft Outlook 2003 0
 + Microsoft PowerPoint 2003 0
 + Microsoft Publisher 2003
Microsoft Office 2000 SP3
- Microsoft Windows 2000 Professional SP3
 - Microsoft Windows 2000 Professional SP2
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
 - Microsoft Windows NT Workstation 4.0 SP6
 - Microsoft Windows NT Workstation 4.0 SP5
 - Microsoft Windows NT Workstation 4.0 SP4
 - Microsoft Windows NT Workstation 4.0 SP3
 - Microsoft Windows NT Workstation 4.0 SP2
 - Microsoft Windows NT Workstation 4.0 SP1
 - Microsoft Windows NT Workstation 4.0
 - Microsoft Windows XP Home SP1
 - Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
 - Microsoft Windows XP Professional
Microsoft Office 2000 SP1
- Microsoft Windows 2000 Professional SP2
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
 - Microsoft Windows NT Workstation 4.0 SP6
 - Microsoft Windows NT Workstation 4.0 SP5
 - Microsoft Windows NT Workstation 4.0 SP4
 - Microsoft Windows NT Workstation 4.0 SP3
 - Microsoft Windows NT Workstation 4.0 SP2
 - Microsoft Windows NT Workstation 4.0 SP1
 - Microsoft Windows NT Workstation 4.0
 - Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Office 2000
- Microsoft Windows 2000 Professional SP2
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
 - Microsoft Windows NT Workstation 4.0 SP6
 - Microsoft Windows NT Workstation 4.0 SP5
 - Microsoft Windows NT Workstation 4.0 SP4
 - Microsoft Windows NT Workstation 4.0 SP3
 - Microsoft Windows NT Workstation 4.0 SP2
 - Microsoft Windows NT Workstation 4.0 SP1
 - Microsoft Windows NT Workstation 4.0
 - Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Internet Explorer for Unix SP2
Microsoft Excel Viewer 2003 0
+ Microsoft Office 2003 SP1
 + Microsoft Office 2003 SP1
 + Microsoft Office 2003 SP1
 Microsoft Excel 2003
+ Microsoft Office 2003 0
 Microsoft Excel 2002 SP3
+ Microsoft Office XP SP3
 Microsoft Excel 2002
+ Microsoft Office XP
- Microsoft Windows 2000 Professional SP2
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional
- Microsoft Windows 95 SR2
 - Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0
 Microsoft Excel 2000
+ Microsoft Office 2000
- Microsoft Windows 2000 Professional SP2
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP6
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0
Not Vulnerable: Microsoft Excel 2007 0

Discussion

Microsoft Excel Opcode Handling Unspecified Remote Code Execution Vulnerability

Microsoft Excel is reportedly prone to an unspecified remote code-execution vulnerability.

Successfully exploiting this issue allows attackers to execute arbitrary code in the context of targeted users.

Note that Microsoft Office applications include functionality to embed Office files as objects contained in other Office files. As an example, Microsoft Word files may contain embedded malicious Microsoft Excel files, making Word and other Office documents another possible attack vector.

Insufficient details are currently available to elaborate further.

Exploit / POC

Microsoft Excel Opcode Handling Unspecified Remote Code Execution Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Solution / Fix

Microsoft Excel Opcode Handling Unspecified Remote Code Execution Vulnerability

Solution:
Microsoft has released fixes to address this issue. Please see the references section for more information.

Update: Microsoft has re-released MS07-002 to resolve a regression with the original Excel 2000 fixes when dealing with files created when in Korean, Chinese, or Japanese executable modes. Please see the knowledge base article (KB931183) for further information.


Microsoft Office v. X

Microsoft Works Suite 2005 0

Microsoft Office 2000 SP3

Microsoft Excel 2003

Microsoft Works Suite 2004

Microsoft Office 2004 for Mac 0

Microsoft Excel 2000

Microsoft Excel Viewer 2003 0

References

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report