Lucene search

K
saintSAINT CorporationSAINT:328BAB502C16F8AF6D2923C6240287CC
HistorySep 24, 2008 - 12:00 a.m.

Microsoft Excel FORMAT record array index memory corruption

2008-09-2400:00:00
SAINT Corporation
www.saintcorporation.com
14

0.483 Medium

EPSS

Percentile

97.1%

Added: 09/24/2008
CVE: CVE-2008-3005
BID: 30639
OSVDB: 47408

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.

Problem

A memory corruption vulnerability allows command execution when a user opens a spreadsheet with a specially crafted array index for a FORMAT record.

Resolution

Apply the fix referenced in Microsoft Security Bulletin 08-043.

References

<http://www.microsoft.com/technet/security/bulletin/MS08-043.mspx&gt;

Limitations

Exploit works on Microsoft Excel 2000 SP3 with Security Patch KB946979 (MS08-014) and requires a user to open the exploit file in Microsoft Excel.

Platforms

Windows

0.483 Medium

EPSS

Percentile

97.1%

Related for SAINT:328BAB502C16F8AF6D2923C6240287CC