9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.932 High
EPSS
Percentile
99.0%
Added: 12/01/2010
CVE: CVE-2010-3335
BID: 44659
OSVDB: 69087
Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.
A use-after-free vulnerability during exception handling in Microsoft Office allows command execution when a user opens an Excel spreadsheet containing a specially crafted Office Art record.
Apply the patch referenced in Microsoft Security Bulletin 10-087.
<http://www.zerodayinitiative.com/advisories/ZDI-10-246/>
Exploit works on Microsoft Excel 2003 SP2 and 2007 SP2 and requires a user to open the exploit file in Microsoft Excel.
Execution of the exploit requires the Compress-Zlib PERL module.
Windows