Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:1B34A64128AD5438510F6E0CA64940E5
HistoryJan 17, 2008 - 12:00 a.m.

Microsoft Excel rtAFDesc record invalid pointer access

2008-01-1700:00:00
SAINT Corporation
www.saintcorporation.com
17

EPSS

0.844

Percentile

98.6%

JSON

Added: 01/17/2008
CVE: CVE-2008-0081
BID: 27305
OSVDB: 40344

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms.

Problem

Microsoft Excel references an uninitialized pointer if a spreadsheet contains an improperly placed rtAFDesc record. This can lead to arbitrary command execution when a user opens a specially crafted file.

Resolution

Refer to Microsoft Security Advisory 947563 and apply a patch when available.

References

<http://www.microsoft.com/technet/security/advisory/947563.mspx&gt;

Limitations

Exploit works on Microsoft Excel 2003 Service Pack 2 with patch KB940602 and requires a user to open the exploit file in Microsoft Excel.

The success of this exploit may depend on the state of the target system at the time the exploit is attempted.

Platforms

Windows 2000
Windows XP SP1
Windows XP SP2

Related

seebug 2
checkpoint_advisories 4
saint 3
prion 1
cvelist 1
cve 1
nvd 1
nessus 2
securityvulns 2
seebug
seebug
Microsoft Excel头字段解析远程代码执行漏洞
2008-01-22 00:00:00
Microsoft Excel多个远程代码执行漏洞(MS08-014)
2008-03-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Excel Version Information Handling Code Execution (MS07-036) - Ver2 (CVE-2008-0081)
2014-04-16 00:00:00
Preemptive Protection against Microsoft Excel Macro Validation Remote Code Execution Vulnerability (MS08-014)
2008-03-11 00:00:00
Microsoft Excel Version Information Handling Code Execution (MS07-036; CVE-2007-1756; CVE-2007-3030; CVE-2008-0081)
2007-07-10 00:00:00
saint
saint
Microsoft Excel rtAFDesc record invalid pointer access
2008-01-17 00:00:00
Microsoft Excel rtAFDesc record invalid pointer access
2008-01-17 00:00:00
Microsoft Excel rtAFDesc record invalid pointer access
2008-01-17 00:00:00
prion
prion
Input validation
2008-01-16 23:00:00
cvelist
cvelist
CVE-2008-0081
2008-01-16 22:00:00
cve
cve
CVE-2008-0081
2008-01-16 23:00:00
nvd
nvd
CVE-2008-0081
2008-01-16 23:00:00
nessus
nessus
MS08-014: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
2008-03-11 00:00:00
MS08-014 / MS08-016: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949029 / 949030) (Mac OS X)
2010-10-20 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS08-014 - Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution &#40;949029&#41;
2008-03-12 00:00:00
Microsoft Office / Excel / Outlook / Web Components multiple security vulnerabilities
2008-03-22 00:00:00

EPSS

0.844

Percentile

98.6%

JSON
Related for SAINT:1B34A64128AD5438510F6E0CA64940E5
seebug2checkpoint_advisories4saint3prion1cvelist1cve1nvd1nessus2securityvulns2