CVE-2007-0671 - PatchNow

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2007-02-03

Added to CISA KEV: 2025-08-12 6765 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity
Apply Microsoft security update MS07-015 immediately to all Excel installations
Implement email security controls to block malicious Excel attachments
Train users on safe file handling practices and not opening untrusted Excel files
Consider application whitelisting to prevent unauthorized code execution

🔍 Web Intelligence (Kagi · 2026-06-03)

CVE-2007-0671 is a remote code execution vulnerability that affected various versions of Microsoft Excel and potentially other Microsoft Office products ^[1] ^[2].

Exploitation and Threat Actor Usage

Active Exploitation: This vulnerability was notably used in targeted zero-day attacks ^[1].
Ransomware: There is no evidence linking this specific 2007-era vulnerability to modern ransomware campaigns. Its primary historical context is associated with targeted, malicious activity typical of the era.
Availability: Proof-of-concept (PoC) material, such as `Exploit-MSExcel.h`, was associated with these early targeted attacks ^[1]. Some security databases indicate that a small number of public PoC/exploit examples have been available on platforms like GitHub ^[3].

Attack Method and Requirements

Method: The vulnerability is triggered by opening a specially crafted, malformed Excel file ^[2].
User Interaction: It is a user-assisted vulnerability, meaning an attacker must convince a user to open the malicious file ^[1].
Access: It is a remote attack vector, typically delivered via email or other file-sharing methods.

Impact

System Control: Successful exploitation allows an attacker to execute arbitrary code on the victim's system ^[1].
Privilege Level: If the user is logged on with administrative rights, the attacker can gain complete control of the affected system ^[2].

Affected Products and Mitigation

Affected Versions: Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and potentially other Office products ^[1].
Status: This vulnerability was addressed by Microsoft in Security Bulletin MS07-015, released in 2007 ^[2]. Users of these legacy products were advised to apply the relevant security updates to mitigate the risk.

Sources

CVE-2007-0671 Detail - NVD
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to ... An official website of the United States government Here's how you know…
Microsoft Security Bulletin MS07-015 - Critical
Excel Malformed Record Vulnerability - CVE-2007-0671: A remote code execution vulnerability exists in Excel and could be exploited when Excel opened a specially ... When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploi…
CVE-2007-0671 - Microsoft Office Excel Remote Code Execution...
Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2007-0671 weaknesses. We scan GitHub repositories to detect new proof-of-concept exploits.EPSS is a daily est…

🟢 CVE-2007-0671