CVE-2008-3471

Published Oct 15, 2008

Last updated 3 years ago

Overview

Description: Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka "File Format Parsing Vulnerability."
Source: secure@microsoft.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2003:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A07483B7-E30C-43F3-B54B-2864BE9AD704"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2007:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB7D84EE-5AF2-44AF-AFA1-7BB555AA0B4A"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2007:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F703901F-AD7C-42E7-BBFA-529A8C510D83"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel_viewer:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEAAF38A-FE97-40FC-9BBF-763785853DCC"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F005DF3-BA80-49D0-B2B1-06DFD74ED9F7"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2004:*:*:*:*:macos:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B191155-67F2-4C6E-BD0C-AF5AF6F04BA1"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2008:*:*:*:*:macos:*:*",
            "vulnerable": true,
            "matchCriteriaId": "421ACF1B-1B21-4416-98ED-BAA5C210EAE5"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C150805-6157-43E3-A913-E021F97E7F59"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:-:*:*:*:*:macos:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BC69733-551E-4535-B851-4A3EF71E98CD"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References