CVE-2010-0260

2010-03-1022:30:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2010-0260

microsoft

office

excel

buffer overflow

vulnerability

nvd

7.9 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.877 High

EPSS

Percentile

98.6%

JSON

Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which “a MDXTUPLE record is broken up into several records,” aka “Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability.”

CPENameOperatorVersion
microsoft:open_xml_file_format_convertermicrosoft open xml file format convertereq*
microsoft:officemicrosoft officeeq2008
microsoft:office_excel_viewermicrosoft office excel viewereq*
microsoft:office_sharepoint_servermicrosoft office sharepoint servereq2007
microsoft:officemicrosoft officeeq2004
microsoft:excelmicrosoft exceleq2007
microsoft:office_compatibility_packmicrosoft office compatibility packeq2007
microsoft:excelmicrosoft exceleq2002
microsoft:excelmicrosoft exceleq2003

CPE	Name	Operator	Version
microsoft:open_xml_file_format_converter	microsoft open xml file format converter	eq	*
microsoft:office	microsoft office	eq	2008
microsoft:office_excel_viewer	microsoft office excel viewer	eq	*
microsoft:office_sharepoint_server	microsoft office sharepoint server	eq	2007
microsoft:office	microsoft office	eq	2004
microsoft:excel	microsoft excel	eq	2007
microsoft:office_compatibility_pack	microsoft office compatibility pack	eq	2007
microsoft:excel	microsoft excel	eq	2002
microsoft:excel	microsoft excel	eq	2003