Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:69AF04FE481605B5801DB413BF8F407B
HistoryJul 08, 2010 - 12:00 a.m.

Microsoft Excel DBQueryExt record parsing vulnerability

2010-07-0800:00:00
SAINT Corporation
download.saintcorporation.com
10

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.878

Percentile

98.7%

JSON

Added: 07/08/2010
CVE: CVE-2010-1253
BID: 40531
OSVDB: 65228

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.

Problem

A vulnerability in Microsoft Excel allows command execution when a user opens a spreadsheet file containing a specially crafted DBQueryExt record.

Resolution

Apply the update referenced in Microsoft Security Bulletin 10-038.

References

<http://www.zerodayinitiative.com/advisories/ZDI-10-103/&gt;

Limitations

Exploit works on Microsoft Excel 2002 SP3 and requires a user to open the exploit file in Microsoft Excel.

There may be a delay before the exploit succeeds.

Platforms

Windows

Related

securityvulns 3
nvd 1
zdi 1
checkpoint_advisories 1
prion 1
cvelist 1
saint 3
cve 1
nessus 2
openvas 2
securityvulns
securityvulns
ZDI-10-103: Microsoft Office Excel DBQueryExt Record Unspecified ADO Object Remote Code Execution Vulnerability
2010-06-09 00:00:00
Microsoft Security Bulletin MS10-038 - Important Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution &#40;2027452&#41;
2010-06-09 00:00:00
Microsoft Office multiple security vulnerabilities
2010-06-14 00:00:00
nvd
nvd
CVE-2010-1253
2010-06-08 20:30:02
zdi
zdi
Microsoft Office Excel DBQueryExt Record Unspecified ADO Object Remote Code Execution Vulnerability
2010-06-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Excel DBQueryExt Record Memory Pointer Corruption (MS10-038; CVE-2010-1253)
2010-06-08 00:00:00
prion
prion
Design/Logic Flaw
2010-06-08 20:30:00
cvelist
cvelist
CVE-2010-1253
2010-06-08 20:00:00
saint
saint
Microsoft Excel DBQueryExt record parsing vulnerability
2010-07-08 00:00:00
Microsoft Excel DBQueryExt record parsing vulnerability
2010-07-08 00:00:00
Microsoft Excel DBQueryExt record parsing vulnerability
2010-07-08 00:00:00
cve
cve
CVE-2010-1253
2010-06-08 20:30:02
nessus
nessus
MS10-038: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2027452) (Mac OS X)
2010-10-20 00:00:00
MS10-038: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
2010-06-09 00:00:00
openvas
openvas
Microsoft Office Excel Remote Code Execution Vulnerabilities (2027452)
2010-06-09 00:00:00
Microsoft Office Excel Remote Code Execution Vulnerabilities (2027452)
2010-06-09 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.878

Percentile

98.7%

JSON
Related for SAINT:69AF04FE481605B5801DB413BF8F407B
securityvulns3nvd1zdi1checkpoint_advisories1prion1cvelist1saint3cve1nessus2openvas2