CVE-2010-3241

2010-10-1319:00:46

CWE-20

[email protected]

web.nvd.nist.gov

cve-2010-3241

microsoft excel

office for mac

open xml file format converter

out-of-bounds memory write

parsing vulnerability

arbitrary code execution

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.731 High

EPSS

Percentile

98.1%

JSON

Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka “Out-of-Bounds Memory Write in Parsing Vulnerability.”

Affected configurations

NVD

Node

microsoftexcelMatch2002sp3

microsoftofficeMatch2004mac

microsoftofficeMatch2008mac

microsoftopen_xml_file_format_convertermac

CPENameOperatorVersion
microsoft:excelmicrosoft exceleq2002
microsoft:officemicrosoft officeeq2004
microsoft:officemicrosoft officeeq2008
microsoft:open_xml_file_format_convertermicrosoft open xml file format convertereq*

CPE	Name	Operator	Version
microsoft:excel	microsoft excel	eq	2002
microsoft:office	microsoft office	eq	2004
microsoft:office	microsoft office	eq	2008
microsoft:open_xml_file_format_converter	microsoft open xml file format converter	eq	*