Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2008-3477

🗓️ 15 Oct 2008 00:00:00Reported by microsoftType 
cve
 cve🔗 web.nvd.nist.gov👁 61 Views

Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value

Related
Detection
Refs
ReporterTitlePublishedViews
Family
Check Point Advisories		Microsoft Excel VisualBasic Object Validation Code Execution (MS08-057; CVE-2008-3477)
14 Oct 200800:00
checkpoint_advisories
Check Point Advisories		Microsoft Excel Embedded Object Validation Integer Overflow - Ver2 (CVE-2008-3477)
3 Mar 201400:00
checkpoint_advisories
Cvelist		CVE-2008-3477
15 Oct 200800:00
cvelist
NVD		CVE-2008-3477
15 Oct 200800:12
nvd
OpenVAS		Microsoft Excel Remote Code Execution Vulnerability (956416)
15 Oct 200800:00
openvas
OpenVAS		Microsoft Excel Remote Code Execution Vulnerability (956416)
15 Oct 200800:00
openvas
Prion		Integer overflow
15 Oct 200800:12
prion
Positive Technologies		PT-2008-4872 · Microsoft · Office Excel
14 Oct 200800:00
ptsecurity
securityvulns		Microsoft Security Bulletin MS08-057 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)
14 Oct 200800:00
securityvulns
securityvulns		[Full-disclosure] iDefense Security Advisory 10.14.08: Microsoft Visual Basic for Applications - Multiple Vulnerabilities
15 Oct 200800:00
securityvulns
Rows per page
NVD
Node
microsoftinternet_explorerMatch5.01sp4
AND
microsoftwindows_2000sp4
Node
microsoftinternet_explorerMatch6
AND
microsoftwindows_server_2003sp1
OR
microsoftwindows_server_2003sp1itanium
OR
microsoftwindows_server_2003sp1x64
OR
microsoftwindows_server_2003sp2
OR
microsoftwindows_xpgoldprofessional_x64
OR
microsoftwindows_xpsp2
OR
microsoftwindows_xpsp2professional_x64
OR
microsoftwindows_xpsp3
Node
microsoftinternet_explorerMatch6sp1
AND
microsoftwindows_2000sp4
Node
microsoftinternet_explorerMatch7
AND
microsoftwindows_server_2003sp1
OR
microsoftwindows_server_2003sp1itanium
OR
microsoftwindows_server_2003sp1x64
OR
microsoftwindows_server_2003sp2
OR
microsoftwindows_server_2008itanium
OR
microsoftwindows_server_2008x32
OR
microsoftwindows_server_2008x64
OR
microsoftwindows_vistagold
OR
microsoftwindows_vistagoldx64
OR
microsoftwindows_vistasp1
OR
microsoftwindows_xpgoldprofessional_x64
OR
microsoftwindows_xpsp2
OR
microsoftwindows_xpsp2professional_x64
OR
microsoftwindows_xpsp3

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
23 Apr 2026 00:35Current
7.4High risk
Vulners AI Score7.4
CVSS 29.3
EPSS0.71275
CWE-399
cve-2008-3477microsoft excelvbaperformance cacheoffice documentembedded objectremote code executionheap-based buffer overflowsinteger overflowsarray index errorsmemory corruptioncalendar object validation vulnerabilitynvd
61