CVE-2008-0111

2008-03-1123:44:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2008-0111

microsoft excel

vulnerability

remote code execution

data validation

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.7 High

AI Score

Confidence

High

0.764 High

EPSS

Percentile

98.2%

JSON

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka “Excel Data Validation Record Vulnerability.”

Affected configurations

NVD

Node

microsoftexcelMatch2000sp3

microsoftexcelMatch2002sp3

microsoftexcelMatch2003sp2

microsoftexcel_viewerMatch2003

microsoftofficeMatch2004mac

microsoftofficeMatch2007

microsoftoffice_compatibility_pack_for_word_excel_ppt_2007

CPENameOperatorVersion
microsoft:excelmicrosoft exceleq2000
microsoft:excelmicrosoft exceleq2002
microsoft:excelmicrosoft exceleq2003
microsoft:excel_viewermicrosoft excel viewereq2003
microsoft:officemicrosoft officeeq2004
microsoft:officemicrosoft officeeq2007
microsoft:office_compatibility_pack_for_word_excel_ppt_2007microsoft office compatibility pack for word excel ppt 2007eq*

CPE	Name	Operator	Version
microsoft:excel	microsoft excel	eq	2000
microsoft:excel	microsoft excel	eq	2002
microsoft:excel	microsoft excel	eq	2003
microsoft:excel_viewer	microsoft excel viewer	eq	2003
microsoft:office	microsoft office	eq	2004
microsoft:office	microsoft office	eq	2007
microsoft:office_compatibility_pack_for_word_excel_ppt_2007	microsoft office compatibility pack for word excel ppt 2007	eq	*