Microsoft Excel rtAFDesc record invalid pointer access

Added: 01/17/2008
CVE: CVE-2008-0081
BID: 27305
OSVDB: 40344


Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms.


Microsoft Excel references an uninitialized pointer if a spreadsheet contains an improperly placed rtAFDesc record. This can lead to arbitrary command execution when a user opens a specially crafted file.


Refer to Microsoft Security Advisory 947563 and apply a patch when available.



Exploit works on Microsoft Excel 2003 Service Pack 2 with patch KB940602 and requires a user to open the exploit file in Microsoft Excel.

The success of this exploit may depend on the state of the target system at the time the exploit is attempted.


Windows 2000
Windows XP SP1
Windows XP SP2

Back to exploit index