Microsoft Excel SST Invalid Length Use After Free Remote Code Execution Vulnerability
The original article can be found at: http://technet.microsoft.com/en-us/security/bulletin/ms12-076
* Microsoft Excel 2010 SP1 and prior
Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel (‘.xls’) file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploits will result in denial-of-service conditions.
Published: November 13 2012