7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.775 High
EPSS
Percentile
98.2%
Microsoft has released a bulletin describing a remotely exploitable vulnerability in its Excel spreadsheet program. The vulnerability affects versions of Excel on Windows, MacOS 9, and MacOS X operating systems.
There is a remotely exploitable vulnerability in Microsoft Excel which involves insufficient validation of certain parameters when opening files. According to Microsoft, attackers may be able to exploit this vulnerability and execute arbitrary code with the privleges of the user. The vulnerability affects versions of Excel on Windows, MacOS 9, and MacOS X operating systems.
The updates in Microsoft Security Bulletin MS04-033 are replacements for the security updates in MS03-050.
Microsoft has reported this vulnerability can be exploited by remote attackers and cause arbitrary code to be executed with the privileges of the user.
Apply the Office update identified in Microsoft Security Bulletin MS04-033.
Per Microsoft Security Bulletin MS04-033:
* Office XP Service Pack 3 is not affected by this vulnerability
* Office 2003 and Office 2003 Service Pack 1 are not affected by this vulnerability.
* Excel 2004 for Mac is not affected by this vulnerability
274496
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: October 12, 2004
Affected
The vendor has not provided us with any further information regarding this vulnerability.
Please see Windows Security Updates for October 2004 at <http://www.microsoft.com/security/bulletins/200410_windows.mspx> for remediation. Please see Microsoft Security Bulletin MS04-033 at <http://www.microsoft.com/technet/security/bulletin/MS04-033.mspx> for technical details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23274496 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Microsoft has credited Brett Moore of Security-Assessment.com for reporting this vulnerability.
This document was written by Jeffrey S. Havrilla.
CVE IDs: | CVE-2004-0846 |
---|---|
Severity Metric: | 45.25 Date Public: |