⚠ Actively exploited
Added to CISA KEV on 2025-08-12. Federal agencies required to patch by 2025-09-02. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable..

CVE-2007-0671

6 documents6 sources
Severity
8.8HIGH
EPSS
66.8%
top 1.45%
CISA KEV
KEV
Added 2025-08-12
Due 2025-09-02
Exploit
No known exploits
Affected products
14
Microsoft AccessMicrosoft ExcelMicrosoft Excel Viewer+11 more
Timeline
PublishedFeb 3
KEV addedAug 12
KEV dueSep 2
CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages14 packages

NVDmicrosoft/excel4 versions+3
NVDmicrosoft/office4 versions+3
NVDmicrosoft/word2000, 2002, 2003+2
NVDmicrosoft/visio2002, 2003+1

🔴Vulnerability Details

3
GHSA
GHSA-h24h-phxr-rg3x: Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attacke2022-05-01
CVEList
CVE-2007-0671: Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attacke2007-02-03
VulnCheck
Microsoft Office Excel Remote Code Execution Vulnerability2007

📋Vendor Advisories

1
CISA
Microsoft Office Excel Remote Code Execution Vulnerability2025-08-12

💬Community

1
Bugzilla
CVE-2007-1217 Kernel: CAPI overflow2007-11-28
CVE-2007-0671 (HIGH CVSS 8.8) | Unspecified vulnerability in Micros | cvebase.io