CVE-2010-2562

2010-08-1118:47:51

CWE-94

microsoft

web.nvd.nist.gov

cve-2010-2562

microsoft office

excel

memory corruption

vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

High

EPSS

0.969

Percentile

99.7%

JSON

Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka “Excel Memory Corruption Vulnerability.”

Affected configurations

Nvd

Node

microsoftexcelMatch2002sp3

microsoftexcelMatch2003sp3

microsoftofficeMatch2004mac

microsoftofficeMatch2008mac

microsoftopen_xml_file_format_convertermac

VendorProductVersionCPE
microsoftexcel2002cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*
microsoftexcel2003cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*
microsoftoffice2004cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
microsoftoffice2008cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
microsoftopen_xml_file_format_converter*cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	excel	2002	cpe:2.3:a:microsoft:excel:2002:sp3::::::
microsoft	excel	2003	cpe:2.3:a:microsoft:excel:2003:sp3::::::
microsoft	office	2004	cpe:2.3:a:microsoft:office:2004::mac:::::
microsoft	office	2008	cpe:2.3:a:microsoft:office:2008::mac:::::
microsoft	open_xml_file_format_converter	*	cpe:2.3:a:microsoft:open_xml_file_format_converter:::mac:::::*