CVE-2008-3006

2008-08-1223:41:00

CWE-399

[email protected]

web.nvd.nist.gov

microsoft office

excel

sharepoint

remote attack

arbitrary code

vulnerability

cve-2008-3006

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.757 High

EPSS

Percentile

98.2%

JSON

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the “Excel Record Parsing Vulnerability.”

CPENameOperatorVersion
microsoft:office_excel_viewermicrosoft office excel viewereq2003
microsoft:office_compatibility_packmicrosoft office compatibility packeq2007
microsoft:officemicrosoft officeeqxp
microsoft:officemicrosoft officeeq2003
microsoft:sharepoint_servermicrosoft sharepoint servereq2007
microsoft:officemicrosoft officeeq2007
microsoft:officemicrosoft officeeq2000
microsoft:officemicrosoft officeeq2008
microsoft:officemicrosoft officeeq2004

CPE	Name	Operator	Version
microsoft:office_excel_viewer	microsoft office excel viewer	eq	2003
microsoft:office_compatibility_pack	microsoft office compatibility pack	eq	2007
microsoft:office	microsoft office	eq	xp
microsoft:office	microsoft office	eq	2003
microsoft:sharepoint_server	microsoft sharepoint server	eq	2007
microsoft:office	microsoft office	eq	2007
microsoft:office	microsoft office	eq	2000
microsoft:office	microsoft office	eq	2008
microsoft:office	microsoft office	eq	2004