Back to CVE Browser

CVE-2007-0028

CRITICAL

9.3

CVSS Severity Score

EPSS Score0.1900%

EPSS Percentile4.55th

PublishedJan 9, 2007

Last ModifiedApr 23, 2026

Vulnerability Description

Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.

Affected Platforms (CPE)

📦

Microsoft

Excel

= 2000

📦

Microsoft

Office

= 2000

📦

Microsoft

Excel

= 2002

📦

Microsoft

Office

= xp

📦

Microsoft

Excel

= 2003

📦

Microsoft

Office

= 2003

📦

Microsoft

Excel Viewer

= 2003

📦

Microsoft

Works

= 2004

📦

Microsoft

Works

= 2005

📦

Microsoft

Office

= 2004

📦

Microsoft

Office

= v.x

References & Advisories

🔗 http://secunia.com/advisories/23676

🔗 http://securitytracker.com/id?1017485

🔗 http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-30.html

🔗 http://www.fortinet.com/FortiGuardCenter/advisory/FGA-2007-01.html

🔗 http://www.kb.cert.org/vuls/id/493185

🔗 http://www.osvdb.org/31249

🔗 http://www.securityfocus.com/archive/1/457274/100/0/threaded

🔗 http://www.securityfocus.com/bid/21952

Related Vulnerabilities

CVE-2008-421110.0

Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iP...

CVE-2015-098410.0

Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/...

CVE-2004-130110.0

Buffer overflow in the book_format_sql function in format.c for xlreader 0.9.0 allows remote attackers to execute arbitrary code v...

CVE-2019-112329.8

EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information (Password) without being authenticated, by sendin...