Microsoft_Excel_File_Importing_Code_Execution_attack

Strike ID: G08-33401
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
False Positive: f
Variants: 1
Year: 2008

Description

A code execution vulnerability exists in Microsoft Excel, caused by improper parsing of SYLK-formatted files. A remote attacker can exploit it by enticing the target user to open a crafted SYLK file, potentially causing arbitrary code to be injected and executed in the security context of the current user. If the code execution attempt is unsuccessful, Excel terminates, resulting in the loss of any unsaved data from the current session. Note that the vendor-provided patch only eliminates the code execution possibility, by properly initializing the pointers. The denial-of-service condition remains and affects a patched Excel 2000, as well as other versions of Excel, including Excel 2002 and Excel 2003.

CVE

References

Bid