You are here

Fortinet Discovers Critical Vulnerability Affecting Microsoft Excel

Improper Memory Access Vulnerability Allows Attackers to Remotely Control Victims' Systems

SUNNYVALE, Calif., Jan. 9, 2007 - Fortinet - the pioneer and leading provider of unified threat management (UTM) solutions - today announced that its leading security research team was key in discovering the latest Microsoft™ critical vulnerability (CVE-2007-028), which impacts users of Microsoft Excel™. The vulnerability allows attackers to take over the affected system by using an .xls file sent through email or uploaded to a controlled web site. When the user opens the .xls file using Microsoft Excel, the vulnerability is executed.

The vulnerability affects users of the following specific software:

  • Microsoft Office 2000 Service Pack 3
    • Microsoft Excel 2000
  • Microsoft Office XP Service Pack 3
    • Microsoft Excel 2002
  • Microsoft Office 2003 Service Pack 2
    • Microsoft Excel 2003
    • Microsoft Office Excel Viewer 2003
  • Microsoft Works Suites:
    • Microsoft Works Suite 2004 (same as the Microsoft Excel 2002 update)
    • Microsoft Works Suite 2005 (same as the Microsoft Excel 2002 update)
    • Microsoft Works Suite 2006 (same as the Microsoft Excel 2002 update)
  • Microsoft Office 2004 for Mac
  • Microsoft Office v. X for Mac

Microsoft™ users should immediately apply the update provided by Microsoft™ on Jan. 9, 2007. Fortinet's security research team was critical in discovering this vulnerability, as noted in the Microsoft Security Bulletin ( For more information on this vulnerability, please visit Fortinet's FortiGuard™ Center at

FortiGuard Network Information
All FortiGate systems in production worldwide are kept up to date automatically by Fortinet's FortiGuardNetwork, which provides continuous updates to help protect against the latest threats around the clock and around the world. For more information on the FortiGuard Network visit:

About Fortinet (

Fortinet is the pioneer and market-leading provider of ASIC-accelerated unified threat management systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, Web content filtering, VPN, spyware prevention and antispam--providing customers a way to protect multiple threats as well as blended threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified eight times over by the ICSA (firewall, antivirus, IPSec, SSL, IDS, client antivirus detection, cleaning and antispyware). Fortinet is privately held and based in Sunnyvale, California.

CALL NOW! 1-866-868-3678


Not only is the volume of email traffic rising but with it, the complexity of malware with the presence of blended threats combining spam, viruses, worms and spyware. To help ensure optimum service and security for our customers, we needed an effective multi-layered solution that combined antivirus, anti-spam and anti-spyware technologies in one appliance. FortiMail met our performance requirements while providing ease-of-use and management to our IT team which is essential as we do not have the time or resources to deploy and maintain separate point solutions.

Gunther Fischer
Head of Product and Service Enabler for the IT & Networks business unit
H3G Austria