Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:0DC3503C653EADCF2025A4C9FA104662
HistoryDec 18, 2008 - 12:00 a.m.

Microsoft Excel TXO and OBJ record parsing memory corruption

2008-12-1800:00:00
SAINT Corporation
download.saintcorporation.com
16

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.917

Percentile

99.0%

JSON

Added: 12/18/2008
CVE: CVE-2008-4265
BID: 32618
OSVDB: 50556

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.

Problem

A memory corruption vulnerability allows command execution when a user opens an Excel spreadsheet containing specially crafted TXO and OBJ records.

Resolution

Apply the update referenced in Microsoft Security Bulletin 08-074.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=763&gt;

Limitations

Exploit works on Microsoft Excel 2000 SP3 and requires a user to open the exploit file.

After opening the exploit file, there may be a delay before the connection is established.

Platforms

Windows 2000
Windows XP

Related

prion 1
saint 3
securityvulns 3
cve 1
cvelist 1
nvd 1
checkpoint_advisories 2
openvas 2
nessus 1
seebug 1
prion
prion
Format string
2008-12-10 14:00:00
saint
saint
Microsoft Excel TXO and OBJ record parsing memory corruption
2008-12-18 00:00:00
Microsoft Excel TXO and OBJ record parsing memory corruption
2008-12-18 00:00:00
Microsoft Excel TXO and OBJ record parsing memory corruption
2008-12-18 00:00:00
securityvulns
securityvulns
iDefense Security Advisory 12.10.08: Microsoft Excel Malformed Object Memoy Corruption Vulnerability
2008-12-11 00:00:00
Microsoft Security Bulletin MS08-074 - Critical Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution &#40;959070&#41;
2008-12-10 00:00:00
Microsoft Office multiple security vulnerabilities
2008-12-11 00:00:00
cve
cve
CVE-2008-4265
2008-12-10 14:00:01
cvelist
cvelist
CVE-2008-4265
2008-12-10 13:33:00
nvd
nvd
CVE-2008-4265
2008-12-10 14:00:01
checkpoint_advisories
checkpoint_advisories
Microsoft Excel TXO and OBJ Records Parsing Memory Corruption (MS08-074; CVE-2008-4265; CVE-2009-0100)
2009-04-14 00:00:00
Microsoft Excel TXO and OBJ Records Parsing Memory Corruption (MS08-074; CVE-2008-4265; CVE-2009-0100)
2009-04-14 00:00:00
openvas
openvas
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
2008-12-10 00:00:00
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
2008-12-10 00:00:00
nessus
nessus
MS08-074: Microsoft Excel Multiple Method Remote Code Execution (959070)
2008-12-10 00:00:00
seebug
seebug
Microsoft Excel畸形对象解析远程代码执行漏洞(MS08-074)
2008-12-11 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.917

Percentile

99.0%

JSON
Related for SAINT:0DC3503C653EADCF2025A4C9FA104662
prion1saint3securityvulns3cve1cvelist1nvd1checkpoint_advisories2openvas2nessus1seebug1