SECUNIA ADVISORY ID: SA23676

VERIFY ADVISORY: http://secunia.com/advisories/23676/

CRITICAL: Highly critical

IMPACT: System access

DESCRIPTION: Jie Ma has reported a vulnerability in Microsoft Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error when opening XLS files using Internet Explorer. This can be exploited to execute arbitrary code via a specially crafted XLS file with a certain unspecified opcode.

SOFTWARE:
Microsoft Works Suite 2006 - http://secunia.com/product/8712/
Microsoft Works Suite 2005 - http://secunia.com/product/8711/
Microsoft Works Suite 2004 - http://secunia.com/product/3897/
Microsoft Office XP - http://secunia.com/product/23/
Microsoft Office X for Mac - http://secunia.com/product/2610/
Microsoft Office 2004 for Mac - http://secunia.com/product/8713/
Microsoft Office 2003 Student and Teacher Edition - http://secunia.com/product/2278/
Microsoft Office 2003 Standard Edition - http://secunia.com/product/2275/
Microsoft Office 2003 Small Business Edition - http://secunia.com/product/2277/
Microsoft Office 2003 Professional Edition - http://secunia.com/product/2276/
Microsoft Office 2000 - http://secunia.com/product/24/
Microsoft Excel 2000 - http://secunia.com/product/3054/
Microsoft Excel 2002 - http://secunia.com/product/4043/
Microsoft Excel 2003 - http://secunia.com/product/4970/
Microsoft Excel Viewer 2003 - http://secunia.com/product/7700/

SOLUTION: Do not open untrusted Office documents.

PROVIDED AND/OR DISCOVERED BY: Jie Ma, Fortinet Security Research Team.

ORIGINAL ADVISORY: http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-30.html