Lucene search

SAINT CorporationSAINT:4015FE667A9D8E188888A69FF033D63B

HistorySep 24, 2008 - 12:00 a.m.

Microsoft Excel FORMAT record array index memory corruption

2008-09-2400:00:00

SAINT Corporation

my.saintcorporation.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.53 Medium

EPSS

Percentile

97.5%

JSON

Added: 09/24/2008
CVE: CVE-2008-3005
BID: 30639
OSVDB: 47408

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.

Problem

A memory corruption vulnerability allows command execution when a user opens a spreadsheet with a specially crafted array index for a FORMAT record.

Resolution

Apply the fix referenced in Microsoft Security Bulletin 08-043.

References

<http://www.microsoft.com/technet/security/bulletin/MS08-043.mspx>

Limitations

Exploit works on Microsoft Excel 2000 SP3 with Security Patch KB946979 (MS08-014) and requires a user to open the exploit file in Microsoft Excel.

Platforms

Windows

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.53 Medium

EPSS

Percentile

97.5%

JSON

Related for SAINT:4015FE667A9D8E188888A69FF033D63B