Microsoft Excel 2000 and Excel 2003 contain an issue that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
The issue exists due to insufficient input validation when handling the sheet name. An unauthenticated, remote attacker could exploit this issue by convincing the user to load an Excel spreadsheet that contains a malicious sheet name. The malicious sheet name could cause a buffer overflow and cause Excel to crash. The attacker may also be able to execute arbitrary code; however, this is unproven.
Functional exploit code publicly exists.
Microsoft has not confirmed this issue and updated software is unavailable.