CVE-2007-1756

2007-07-1022:30:00

[email protected]

web.nvd.nist.gov

excel

validation

arbitrary code execution

user-assisted

remote attackers

cve-2007-1756

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.755 High

EPSS

Percentile

98.2%

JSON

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka “Calculation Error Vulnerability”.

Affected configurations

NVD

Node

microsoftexcelMatch2000sp3

microsoftexcelMatch2002sp3

microsoftexcelMatch2003sp2

microsoftexcelMatch2007

microsoftexcel_viewerMatch2003

microsoftofficeMatch2000sp3

microsoftofficeMatch2003

microsoftofficeMatch2003sp2

microsoftofficeMatch2007

microsoftofficeMatchxpsp3

CPENameOperatorVersion
microsoft:excelmicrosoft exceleq2000
microsoft:excelmicrosoft exceleq2002
microsoft:excelmicrosoft exceleq2003
microsoft:excelmicrosoft exceleq2007
microsoft:excel_viewermicrosoft excel viewereq2003
microsoft:officemicrosoft officeeq2000
microsoft:officemicrosoft officeeq2003
microsoft:officemicrosoft officeeq2007
microsoft:officemicrosoft officeeqxp

CPE	Name	Operator	Version
microsoft:excel	microsoft excel	eq	2000
microsoft:excel	microsoft excel	eq	2002
microsoft:excel	microsoft excel	eq	2003
microsoft:excel	microsoft excel	eq	2007
microsoft:excel_viewer	microsoft excel viewer	eq	2003
microsoft:office	microsoft office	eq	2000
microsoft:office	microsoft office	eq	2003
microsoft:office	microsoft office	eq	2007
microsoft:office	microsoft office	eq	xp