CVE-2010-1250

2010-06-0820:30:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2010-1250

microsoft

office

excel

mac

open xml

buffer overflow

remote execution

vulnerability

8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.953 High

EPSS

Percentile

99.4%

JSON

Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka “Excel EDG Memory Corruption Vulnerability.”

CPENameOperatorVersion
microsoft:excelmicrosoft exceleq2002
microsoft:open_xml_file_format_convertermicrosoft open xml file format convertereq*
microsoft:officemicrosoft officeeq2008
microsoft:officemicrosoft officeeq2004

CPE	Name	Operator	Version
microsoft:excel	microsoft excel	eq	2002
microsoft:open_xml_file_format_converter	microsoft open xml file format converter	eq	*
microsoft:office	microsoft office	eq	2008
microsoft:office	microsoft office	eq	2004