Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:0032714EB00ED88194947D59DCD73DE0
HistoryMar 11, 2010 - 12:00 a.m.

Microsoft Excel DbOrParamQry memory corruption

2010-03-1100:00:00
SAINT Corporation
download.saintcorporation.com
16

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.925 High

EPSS

Percentile

98.7%

JSON

Added: 03/11/2010
CVE: CVE-2010-0264
BID: 38555
OSVDB: 62823

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.

Problem

A memory corruption vulnerability in Microsoft Excel allows command execution when a user opens an XLS file containing a specially crafted DbOrParamQry record.

Resolution

Apply the patch referenced in MS10-017.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0174.html&gt;

Limitations

Exploit works on Microsoft Office Excel 2002 and requires a user to open the exploit file in Microsoft Excel. The file then needs to be closed before the exploit can succeed. There may be a delay before the shell connection is established.

There may be a delay after the exploit is started before it can begin handling HTTP requests.

The PERL modules β€˜IO::Uncompress’ and β€˜Compress::Zlib’ are required by this exploit.

Platforms

Windows

Related

checkpoint_advisories 1
saint 3
prion 1
seebug 1
securityvulns 3
coresecurity 1
cve 1
nessus 2
openvas 2
checkpoint_advisories
checkpoint_advisories
Microsoft Excel DbOrParamQry Record Parsing Code Execution (MS10-017; CVE-2010-0264)
2010-03-09 00:00:00
saint
saint
Microsoft Excel DbOrParamQry memory corruption
2010-03-11 00:00:00
Microsoft Excel DbOrParamQry memory corruption
2010-03-11 00:00:00
Microsoft Excel DbOrParamQry memory corruption
2010-03-11 00:00:00
prion
prion
Format string
2010-03-10 22:30:00
seebug
seebug
Microsoft Excel DbOrParamQryε―Ήθ±‘θ§£ζžε†…ε­˜η ΄εζΌζ΄žοΌˆMS10-017οΌ‰
2010-03-10 00:00:00
securityvulns
securityvulns
CORE-2009-1103: Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability
2010-03-10 00:00:00
Microsoft Excel multiple security vulnerabilities
2010-03-11 00:00:00
Microsoft Security Bulletin MS10-017 - Important Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution &#40;980150&#41;
2010-03-10 00:00:00
coresecurity
coresecurity
Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability
2010-03-09 00:00:00
cve
cve
CVE-2010-0264
2010-03-10 22:30:00
nessus
nessus
MS10-017: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150) (Mac OS X)
2010-10-20 00:00:00
MS10-017: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)
2010-03-09 00:00:00
openvas
openvas
Microsoft Office Excel Multiple Vulnerabilities (980150)
2010-03-10 00:00:00
Microsoft Office Excel Multiple Vulnerabilities (980150)
2010-03-10 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.925 High

EPSS

Percentile

98.7%

JSON
Related for SAINT:0032714EB00ED88194947D59DCD73DE0
checkpoint_advisories1saint3prion1seebug1securityvulns3coresecurity1cve1nessus2openvas2