CVE-2008-4266

2008-12-1014:00:01

CWE-399

[email protected]

web.nvd.nist.gov

cve-2008-4266

excel

microsoft office

vulnerability

remote code execution

nvd

stack corruption

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.267 Low

EPSS

Percentile

96.8%

JSON

Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Excel spreadsheet with a NAME record that contains an invalid index value, which triggers stack corruption, aka “Excel Global Array Memory Corruption Vulnerability.”

Affected configurations

NVD

Node

microsoftexcelMatch2000sp3

microsoftexcelMatch2002sp3

microsoftexcelMatch2003sp3

microsoftexcel_viewerMatch2003

microsoftexcel_viewerMatch2003sp3

microsoftofficeMatch2004mac

microsoftofficeMatch2008mac

microsoftopen_xml_file_format_convertermac

CPENameOperatorVersion
microsoft:excelmicrosoft exceleq2000
microsoft:excelmicrosoft exceleq2002
microsoft:excelmicrosoft exceleq2003
microsoft:excel_viewermicrosoft excel viewereq2003
microsoft:officemicrosoft officeeq2004
microsoft:officemicrosoft officeeq2008
microsoft:open_xml_file_format_convertermicrosoft open xml file format convertereq*

CPE	Name	Operator	Version
microsoft:excel	microsoft excel	eq	2000
microsoft:excel	microsoft excel	eq	2002
microsoft:excel	microsoft excel	eq	2003
microsoft:excel_viewer	microsoft excel viewer	eq	2003
microsoft:office	microsoft office	eq	2004
microsoft:office	microsoft office	eq	2008
microsoft:open_xml_file_format_converter	microsoft open xml file format converter	eq	*