9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.89 High
EPSS
Percentile
98.4%
Added: 01/11/2007
CVE: CVE-2007-0031
BID: 21922
OSVDB: 31258
Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms.
A buffer overflow vulnerability in Microsoft Excel allows command execution when a user opens a specially crafted BIFF8 spreadsheet with a long PALETTE record.
Apply the patch referenced in Microsoft Security Bulletin 07-002.
<http://www.microsoft.com/technet/security/bulletin/MS07-002.mspx>
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=461>
Exploit works on Microsoft Excel 2000 9.0.3821 SR-1.
Exploit requires a user to download the exploit file and open it in Microsoft Excel.
Windows