9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.53 Medium
EPSS
Percentile
97.5%
Added: 09/24/2008
CVE: CVE-2008-3005
BID: 30639
OSVDB: 47408
Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.
A memory corruption vulnerability allows command execution when a user opens a spreadsheet with a specially crafted array index for a FORMAT record.
Apply the fix referenced in Microsoft Security Bulletin 08-043.
<http://www.microsoft.com/technet/security/bulletin/MS08-043.mspx>
Exploit works on Microsoft Excel 2000 SP3 with Security Patch KB946979 (MS08-014) and requires a user to open the exploit file in Microsoft Excel.
Windows