CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile: 97.9%
Added: 03/11/2010
CVE: CVE-2010-0264
BID: 38555
OSVDB: 62823
Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.
A memory corruption vulnerability in Microsoft Excel allows command execution when a user opens an XLS file containing a specially crafted DbOrParamQry record.
Apply the patch referenced in MS10-017.
<http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0174.html>
The exploit works on Microsoft Office Excel 2002 and requires a user to open the exploit file in Microsoft Excel. The file then needs to be closed before the exploit can succeed. There may be a delay before the shell connection is established.
There may be a delay after the exploit is started before it can begin handling HTTP requests.
The Perl modules ‘IO::Uncompress’ and ‘Compress::Zlib’ are required by this exploit.
Windows