CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.7%
Added: 07/08/2010
CVE: CVE-2010-1253
BID: 40531
OSVDB: 65228
Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.
A vulnerability in Microsoft Excel allows command execution when a user opens a spreadsheet file containing a specially crafted DBQueryExt record.
Apply the update referenced in Microsoft Security Bulletin 10-038.
<http://www.zerodayinitiative.com/advisories/ZDI-10-103/>
Exploit works on Microsoft Excel 2002 SP3 and requires a user to open the exploit file in Microsoft Excel.
There may be a delay before the exploit succeeds.
Windows