PRIOn knowledge basePRION:CVE-2008-3003

HistoryAug 12, 2008 - 11:41 p.m.

Design/Logic Flaw

2008-08-1223:41:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

Low

6.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:C/A:N

0.0004 Low

EPSS

Percentile

0.4%

JSON

Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the “Excel Credential Caching Vulnerability.”

CPENameOperatorVersion
officeeq2007 sp1
officeeq2007 gold
officeeq2007

Name	Operator	Version
office	eq	2007 sp1
office	eq	2007 gold
office	eq	2007

References

secunia.com/advisories/31454

www.securityfocus.com/bid/30641

www.securitytracker.com/id?1020669

www.us-cert.gov/cas/techalerts/TA08-225A.html

www.vupen.com/english/advisories/2008/2347

docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043

marc.info/?l=bugtraq&m=121915960406986&w=2

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5951

6.2 Medium

AI Score

Confidence

Low

6.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:C/A:N

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for PRION:CVE-2008-3003