Intrusion Prevention

MS.Excel.Calendar.Object.SRP.Stream.Bad.Value.Code.Execution

Description

This indicates an attempt to exploit a remote code-execution vulnerability in Microsoft Excel.
The vulnerability is caused by the incorrect processing of a VBA Performance Cache. It may allow a remote attacker to execute arbitrary code via opening a crafted Excel file.

Affected Products

Excel 2000 Service Pack 3
Excel 2002 Service Pack 3
Excel 2003 Service Pack 2
Excel 2003 Service Pack 3

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrades or patches from the vendor:
http://www.microsoft.com/technet/security/Bulletin/ms08-057.mspx

CVE References

CVE-2008-3477