CVE-2008-4264

Published Dec 10, 2008

Last updated 6 years ago

Overview

Description: Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers "pointer corruption" during the loading of formulas from this spreadsheet, aka "File Format Parsing Vulnerability."
Source: secure@microsoft.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-399

Hype score: Not currently trending

Evaluator

Comment: http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx File Format Parsing Vulnerability - CVE-2008-4264 A remote code execution vulnerability exists in Microsoft Office Excel as a result of pointer corruption when loading Excel formulas. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed formula. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_excel:2002:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECDF1C1D-EF63-4A3E-AEE2-2D2D9FDBF368"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_excel:2007:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3BCABD31-F406-4184-97AF-21AD95353D26"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:20007_office_system:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B507F860-5D28-4E86-8F61-FC71F4C030C3"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:20007_office_system:sp1:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F9A0B1B7-21A7-4038-8738-02AFADAAB06D"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD97FF64-64A5-467C-B352-45B89B4A6536"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BB3D66F-9028-4703-9D6A-629331EEB492"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References