Lucene search

MicrosoftCVE-2010-0262

HistoryMar 10, 2010 - 10:30 p.m.

CVE-2010-0262

2010-03-1022:30:01

CWE-94

microsoft

web.nvd.nist.gov

cve-2010-0262

microsoft office

excel

sp1

sp2

office 2004

mac

vulnerability

security

remote code execution

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

High

EPSS

0.808

Percentile

98.4%

JSON

Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka “Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability.”

Affected configurations

Nvd

Node

microsoftexcelMatch2002sp3

microsoftexcelMatch2003sp3

microsoftexcelMatch2007sp1

microsoftexcelMatch2007sp2

microsoftofficeMatch2004mac

microsoftofficeMatch2008mac

microsoftoffice_compatibility_packMatch2007sp1

microsoftoffice_compatibility_packMatch2007sp2

microsoftoffice_excel_viewersp1

microsoftoffice_excel_viewersp2

microsoftoffice_sharepoint_serverMatch2007sp1x32

microsoftoffice_sharepoint_serverMatch2007sp1x64

microsoftoffice_sharepoint_serverMatch2007sp2x32

microsoftoffice_sharepoint_serverMatch2007sp2x64

microsoftopen_xml_file_format_convertermac

VendorProductVersionCPE
microsoftexcel2002cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*
microsoftexcel2003cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*
microsoftexcel2007cpe:2.3:a:microsoft:excel:2007:sp1:*:*:*:*:*:*
microsoftexcel2007cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*
microsoftoffice2004cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
microsoftoffice2008cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
microsoftoffice_compatibility_pack2007cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*
microsoftoffice_compatibility_pack2007cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*
microsoftoffice_excel_viewer*cpe:2.3:a:microsoft:office_excel_viewer:*:sp1:*:*:*:*:*:*
microsoftoffice_excel_viewer*cpe:2.3:a:microsoft:office_excel_viewer:*:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	excel	2002	cpe:2.3:a:microsoft:excel:2002:sp3::::::
microsoft	excel	2003	cpe:2.3:a:microsoft:excel:2003:sp3::::::
microsoft	excel	2007	cpe:2.3:a:microsoft:excel:2007:sp1::::::
microsoft	excel	2007	cpe:2.3:a:microsoft:excel:2007:sp2::::::
microsoft	office	2004	cpe:2.3:a:microsoft:office:2004::mac:::::
microsoft	office	2008	cpe:2.3:a:microsoft:office:2008::mac:::::
microsoft	office_compatibility_pack	2007	cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1::::::
microsoft	office_compatibility_pack	2007	cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2::::::
microsoft	office_excel_viewer	*	cpe:2.3:a:microsoft:office_excel_viewer::sp1::::::*
microsoft	office_excel_viewer	*	cpe:2.3:a:microsoft:office_excel_viewer::sp2::::::*