CVE-2008-0116

2008-03-1123:44:00

CWE-94

CWE-20

[email protected]

web.nvd.nist.gov

microsoft excel

remote code execution

rich text

vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.7 High

AI Score

Confidence

High

0.69 Medium

EPSS

Percentile

98.0%

JSON

Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka “Excel Rich Text Validation Vulnerability.”

Affected configurations

NVD

Node

microsoftexcelMatch2000sp3

microsoftexcelMatch2002sp3

microsoftexcelMatch2003sp2

microsoftexcel_viewerMatch2003

microsoftofficeMatch2004mac

microsoftofficeMatch2008mac

microsoftoffice_compatibility_pack_for_word_excel_ppt_2007

CPENameOperatorVersion
microsoft:excelmicrosoft exceleq2000
microsoft:excelmicrosoft exceleq2002
microsoft:excelmicrosoft exceleq2003
microsoft:excel_viewermicrosoft excel viewereq2003
microsoft:officemicrosoft officeeq2004
microsoft:officemicrosoft officeeq2008
microsoft:office_compatibility_pack_for_word_excel_ppt_2007microsoft office compatibility pack for word excel ppt 2007eq*

CPE	Name	Operator	Version
microsoft:excel	microsoft excel	eq	2000
microsoft:excel	microsoft excel	eq	2002
microsoft:excel	microsoft excel	eq	2003
microsoft:excel_viewer	microsoft excel viewer	eq	2003
microsoft:office	microsoft office	eq	2004
microsoft:office	microsoft office	eq	2008
microsoft:office_compatibility_pack_for_word_excel_ppt_2007	microsoft office compatibility pack for word excel ppt 2007	eq	*