CVE-2007-3890

2007-08-1421:17:00

[email protected]

web.nvd.nist.gov

microsoft

excel

memory corruption

vulnerability

cve-2007-3890

nvd

office 2000

office xp

office 2003

office 2004

remote code execution

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.363 Low

EPSS

Percentile

97.2%

JSON

Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.

Affected configurations

NVD

Node

microsoftexcelMatch2000sp3

microsoftexcelMatch2003sp2

microsoftexcelMatch2004mac

microsoftexcelMatchxp_sp3

microsoftofficeMatch2000sp3

microsoftofficeMatch2003sp2

microsoftofficeMatch2004mac

microsoftofficeMatchxpsp3

CPENameOperatorVersion
microsoft:excelmicrosoft exceleq2000
microsoft:excelmicrosoft exceleq2003
microsoft:excelmicrosoft exceleq2004
microsoft:excelmicrosoft exceleqxp_sp3
microsoft:officemicrosoft officeeq2000
microsoft:officemicrosoft officeeq2003
microsoft:officemicrosoft officeeq2004
microsoft:officemicrosoft officeeqxp

CPE	Name	Operator	Version
microsoft:excel	microsoft excel	eq	2000
microsoft:excel	microsoft excel	eq	2003
microsoft:excel	microsoft excel	eq	2004
microsoft:excel	microsoft excel	eq	xp_sp3
microsoft:office	microsoft office	eq	2000
microsoft:office	microsoft office	eq	2003
microsoft:office	microsoft office	eq	2004
microsoft:office	microsoft office	eq	xp