CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.7%
Added: 10/24/2008
CVE: CVE-2008-4019
BID: 31706
OSVDB: 49078
Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.
An integer overflow in the REPT function allows command execution when a user loads an Excel file containing a specially crafted formula within a cell.
Install the patch referenced in Microsoft Security Bulletin 08-057.
<http://www.microsoft.com/technet/security/bulletin/MS08-057.mspx>
Exploit works on Microsoft Excel 2003 SP3 and requires a user to open the exploit file.
There may be a delay before the connection is established after the user opens the file.
Windows