CVE-2010-1250

2010-06-0820:30:02

CWE-94

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.952

Percentile

99.4%

JSON

Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka “Excel EDG Memory Corruption Vulnerability.”

Affected configurations

Nvd

Node

microsoftexcelMatch2002sp3

Node

microsoftofficeMatch2004mac

microsoftofficeMatch2008mac

microsoftopen_xml_file_format_convertermac

VendorProductVersionCPE
microsoftexcel2002cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*
microsoftoffice2004cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
microsoftoffice2008cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
microsoftopen_xml_file_format_converter*cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	excel	2002	cpe:2.3:a:microsoft:excel:2002:sp3::::::
microsoft	office	2004	cpe:2.3:a:microsoft:office:2004::mac:::::
microsoft	office	2008	cpe:2.3:a:microsoft:office:2008::mac:::::
microsoft	open_xml_file_format_converter	*	cpe:2.3:a:microsoft:open_xml_file_format_converter:::mac:::::*