Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitra
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in…
- CISA KEV: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
No additional references available in the KB record.
This vulnerability is currently on the CISA KEV list, which CISA only adds CVEs to when there is reliable evidence of active exploitation in the wild. For federal civilian agencies, BOD 22-01 requires remediation by the due date above. For everyone else, KEV is the strongest "patch immediately" signal you can get from public threat intel.
No structured affected-product list available — see references below for vendor advisories.
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection: