Lucene search

MicrosoftCVE-2010-0260

HistoryMar 10, 2010 - 10:30 p.m.

CVE-2010-0260

2010-03-1022:30:01

CWE-94

microsoft

web.nvd.nist.gov

cve-2010-0260

microsoft

office

excel

buffer overflow

vulnerability

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

High

EPSS

0.62

Percentile

97.9%

JSON

Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which “a MDXTUPLE record is broken up into several records,” aka “Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability.”

Affected configurations

Nvd

Node

microsoftexcelMatch2002sp3

microsoftexcelMatch2003sp3

microsoftexcelMatch2007sp1

microsoftexcelMatch2007sp2

microsoftofficeMatch2004mac

microsoftofficeMatch2008mac

microsoftoffice_compatibility_packMatch2007sp1

microsoftoffice_compatibility_packMatch2007sp2

microsoftoffice_excel_viewersp1

microsoftoffice_excel_viewersp2

microsoftoffice_sharepoint_serverMatch2007sp1x32

microsoftoffice_sharepoint_serverMatch2007sp1x64

microsoftoffice_sharepoint_serverMatch2007sp2x32

microsoftoffice_sharepoint_serverMatch2007sp2x64

microsoftopen_xml_file_format_convertermac

VendorProductVersionCPE
microsoftexcel2002cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*
microsoftexcel2003cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*
microsoftexcel2007cpe:2.3:a:microsoft:excel:2007:sp1:*:*:*:*:*:*
microsoftexcel2007cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*
microsoftoffice2004cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
microsoftoffice2008cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
microsoftoffice_compatibility_pack2007cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*
microsoftoffice_compatibility_pack2007cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*
microsoftoffice_excel_viewer*cpe:2.3:a:microsoft:office_excel_viewer:*:sp1:*:*:*:*:*:*
microsoftoffice_excel_viewer*cpe:2.3:a:microsoft:office_excel_viewer:*:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	excel	2002	cpe:2.3:a:microsoft:excel:2002:sp3::::::
microsoft	excel	2003	cpe:2.3:a:microsoft:excel:2003:sp3::::::
microsoft	excel	2007	cpe:2.3:a:microsoft:excel:2007:sp1::::::
microsoft	excel	2007	cpe:2.3:a:microsoft:excel:2007:sp2::::::
microsoft	office	2004	cpe:2.3:a:microsoft:office:2004::mac:::::
microsoft	office	2008	cpe:2.3:a:microsoft:office:2008::mac:::::
microsoft	office_compatibility_pack	2007	cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1::::::
microsoft	office_compatibility_pack	2007	cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2::::::
microsoft	office_excel_viewer	*	cpe:2.3:a:microsoft:office_excel_viewer::sp1::::::*
microsoft	office_excel_viewer	*	cpe:2.3:a:microsoft:office_excel_viewer::sp2::::::*