Microsoft_Excel_Malformed_File_Format_Parsing_Code_Execution_attack

There exists a code execution vulnerability in Microsoft Excel. The vulnerability is caused by improper processing of malformed BOOLERR records within Excel spreadsheet files. An attacker may exploit this vulnerability by enticing a user to open a crafted Excel file, which will enable the attacker to inject and execute arbitrary code within the security context of the target user. In an attack case where code injection is not successful, all instances of the vulnerable Microsoft Excel application will terminate. This can potentially lead to a loss of data. In a more sophisticated attack where code injection results is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user.