[email protected]CVE-2008-3003

HistoryAug 12, 2008 - 11:41 p.m.

CVE-2008-3003

2008-08-1223:41:00

CWE-20

[email protected]

web.nvd.nist.gov

microsoft office

excel

cve-2008-3003

vulnerability

security

pwd

password

remote data

5.8 Medium

AI Score

Confidence

Low

6.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:C/A:N

0.0004 Low

EPSS

Percentile

0.4%

JSON

Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the “Excel Credential Caching Vulnerability.”

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2007

CPE	Name	Operator	Version
microsoft:office	microsoft office	eq	2007

References

marc.info/?l=bugtraq&m=121915960406986&w=2

secunia.com/advisories/31454

www.securityfocus.com/bid/30641

www.securitytracker.com/id?1020669

www.us-cert.gov/cas/techalerts/TA08-225A.html

www.vupen.com/english/advisories/2008/2347

docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5951

5.8 Medium

AI Score

Confidence

Low

6.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:C/A:N

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2008-3003

seebug1 prion1 securityvulns2 openvas2 nessus2