Contactez-nous Suivez-nous sur Twitter En francais English Language

De la Théorie à la pratique

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Vigil@nce: MS Excel, remote code execution via .xlsx

August 2008 by Vigil@nce


An attacker can use Excel spreadsheet with .xlsx extension to gain access to confidential information.

Gravity: 3/4

Consequences: data reading

Provenance: document

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 13/08/2008

Identifier: VIGILANCE-VUL-8020


- Microsoft Excel [confidential versions]


The .xlsx extension is the new format for Excel 2007, it is an Open XML file.

Theses files can connect to information on several computers.

It is possible to use this kind of file to gain access to secured sources, even if the file is configured not to save credentials.

A local attacker can therefore use .xslx files to gain access to confidential information.


Identifiers: 954066, CVE-2008-3003, MS08-043, VIGILANCE-VUL-8020

See previous articles


See next articles