Lucene search

SAINT CorporationSAINT:4FB2B8230025F5AED01D6CFE33244500

HistoryMar 14, 2008 - 12:00 a.m.

Microsoft Excel conditional formatting vulnerability

2008-03-1400:00:00

SAINT Corporation

my.saintcorporation.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.713

Percentile

98.1%

JSON

Added: 03/14/2008
CVE: CVE-2008-0117
BID: 28170
OSVDB: 42731

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.

Problem

A vulnerability in Microsoft Excel allows command execution when a user opens a file containing specially crafted conditional formatting values.

Resolution

See Microsoft Security Bulletin 08-014 for update information.

References

<http://www.microsoft.com/technet/security/bulletin/MS08-014.mspx>

Limitations

Exploit works on Microsoft Excel 2002 SP3 and requires a user to open a specially crafted file in Microsoft Excel.

Platforms

Windows 2000
Windows XP

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.713

Percentile

98.1%

JSON

Related for SAINT:4FB2B8230025F5AED01D6CFE33244500