Lucene search

[email protected]CVE-2008-4019

HistoryOct 15, 2008 - 12:12 a.m.

CVE-2008-4019

2008-10-1500:12:15

CWE-190

[email protected]

web.nvd.nist.gov

cve-2008-4019

integer overflow

microsoft excel

nvd

remote code execution

formula parsing vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.892 High

EPSS

Percentile

98.8%

JSON

Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka “Formula Parsing Vulnerability.”

Affected configurations

NVD

Node

microsoftexcelMatch2003sp2

microsoftexcelMatch2003sp3

microsoftexcelMatch2007-

microsoftexcelMatch2007sp1

microsoftexcel_viewerMatch-

microsoftexcel_viewerMatch2003-

microsoftexcel_viewerMatch2003sp3

microsoftofficeMatch2004macos

microsoftofficeMatch2008macos

microsoftoffice_compatibility_packMatch2007-

microsoftoffice_compatibility_packMatch2007sp1

microsoftopen_xml_file_format_converterMatch-macos

microsoftsharepoint_serverMatch2007x64

microsoftsharepoint_serverMatch2007-

microsoftsharepoint_serverMatch2007sp1

microsoftsharepoint_serverMatch2007sp1x64

CPENameOperatorVersion
microsoft:excelmicrosoft exceleq2003
microsoft:excelmicrosoft exceleq2007
microsoft:excel_viewermicrosoft excel viewereq-
microsoft:excel_viewermicrosoft excel viewereq2003
microsoft:officemicrosoft officeeq2004
microsoft:officemicrosoft officeeq2008
microsoft:office_compatibility_packmicrosoft office compatibility packeq2007
microsoft:open_xml_file_format_convertermicrosoft open xml file format convertereq-
microsoft:sharepoint_servermicrosoft sharepoint servereq2007

CPE	Name	Operator	Version
microsoft:excel	microsoft excel	eq	2003
microsoft:excel	microsoft excel	eq	2007
microsoft:excel_viewer	microsoft excel viewer	eq	-
microsoft:excel_viewer	microsoft excel viewer	eq	2003
microsoft:office	microsoft office	eq	2004
microsoft:office	microsoft office	eq	2008
microsoft:office_compatibility_pack	microsoft office compatibility pack	eq	2007
microsoft:open_xml_file_format_converter	microsoft open xml file format converter	eq	-
microsoft:sharepoint_server	microsoft sharepoint server	eq	2007