Lucene search

[email protected]CVE-2008-4265

HistoryDec 10, 2008 - 2:00 p.m.

CVE-2008-4265

2008-12-1014:00:01

CWE-399

[email protected]

web.nvd.nist.gov

microsoft

excel

2000

sp3

remote code execution

file format parsing vulnerability

cve-2008-4265

nvd

memory corruption

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.953 High

EPSS

Percentile

99.4%

JSON

Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka “File Format Parsing Vulnerability.”

Affected configurations

NVD

Node

microsoftoffice_excelMatch2000sp3

microsoftoffice_excelMatch2002sp3

microsoftoffice_excelMatch2003sp3

microsoftoffice_excelMatch2007

microsoftoffice_excelMatch2007sp1

AND

microsoft20007_office_system

microsoft20007_office_systemMatchsp1

microsoftofficeMatch2000sp3

microsoftofficeMatch2003sp3

microsoftofficeMatchxpsp3

Node

microsoftofficeMatch2004mac

microsoftofficeMatch2008mac

microsoftoffice_compatibility_pack_for_word_excel_ppt_2007

microsoftoffice_compatibility_pack_for_word_excel_ppt_2007sp1

microsoftoffice_excel_viewer

microsoftoffice_excel_viewerMatch2003

microsoftoffice_excel_viewerMatch2003sp3

microsoftopen_xml_file_format_convertermac

CPENameOperatorVersion
microsoft:office_excelmicrosoft office exceleq2000
microsoft:office_excelmicrosoft office exceleq2002
microsoft:office_excelmicrosoft office exceleq2003

CPE	Name	Operator	Version
microsoft:office_excel	microsoft office excel	eq	2000
microsoft:office_excel	microsoft office excel	eq	2002
microsoft:office_excel	microsoft office excel	eq	2003