Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:7BE99614B323723699A29842CFAF5AD1
HistoryOct 24, 2008 - 12:00 a.m.

Microsoft Excel formula parsing integer overflow

2008-10-2400:00:00
SAINT Corporation
download.saintcorporation.com
13

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.87

Percentile

98.7%

JSON

Added: 10/24/2008
CVE: CVE-2008-4019
BID: 31706
OSVDB: 49078

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.

Problem

An integer overflow in the REPT function allows command execution when a user loads an Excel file containing a specially crafted formula within a cell.

Resolution

Install the patch referenced in Microsoft Security Bulletin 08-057.

References

<http://www.microsoft.com/technet/security/bulletin/MS08-057.mspx&gt;

Limitations

Exploit works on Microsoft Excel 2003 SP3 and requires a user to open the exploit file.

There may be a delay before the connection is established after the user opens the file.

Platforms

Windows

Related

checkpoint_advisories 2
prion 1
saint 3
cvelist 1
cve 1
nvd 1
seebug 1
zdi 1
nessus 2
openvas 2
securityvulns 2
checkpoint_advisories
checkpoint_advisories
Microsoft Excel REPT Function Integer Overflow (MS08-057) - Ver2 (CVE-2008-4019)
2014-04-16 00:00:00
Microsoft Excel REPT Function Integer Overflow (MS08-057; CVE-2008-4019)
2010-10-24 00:00:00
prion
prion
Integer overflow
2008-10-15 00:12:00
saint
saint
Microsoft Excel formula parsing integer overflow
2008-10-24 00:00:00
Microsoft Excel formula parsing integer overflow
2008-10-24 00:00:00
Microsoft Excel formula parsing integer overflow
2008-10-24 00:00:00
cvelist
cvelist
CVE-2008-4019
2008-10-15 00:00:00
cve
cve
CVE-2008-4019
2008-10-15 00:12:15
nvd
nvd
CVE-2008-4019
2008-10-15 00:12:15
seebug
seebug
Microsoft Excelε…¬εΌθ§£ζžζ•΄ζ•°ζΊ’ε‡ΊζΌζ΄žοΌˆMS08-057οΌ‰
2008-10-16 00:00:00
zdi
zdi
Microsoft Office Excel REPT Formula Parsing Remote Code Execution Vulnerability
2008-10-14 00:00:00
nessus
nessus
MS08-057: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416) (Mac OS X)
2010-10-20 00:00:00
MS08-057: Microsoft Excel Multiple Method Remote Code Execution (956416)
2008-10-15 00:00:00
openvas
openvas
Microsoft Excel Remote Code Execution Vulnerability (956416)
2008-10-15 00:00:00
Microsoft Excel Remote Code Execution Vulnerability (956416)
2008-10-15 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS08-057 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution &#40;956416&#41;
2008-10-14 00:00:00
Microsoft Office multiple security vulnerabilities
2008-10-15 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.87

Percentile

98.7%

JSON
Related for SAINT:7BE99614B323723699A29842CFAF5AD1
checkpoint_advisories2prion1saint3cvelist1cve1nvd1seebug1zdi1nessus2openvas2securityvulns2