Lucene search

SAINT CorporationSAINT:5151482A33A9FB1BC6D507FFECE3EF3A

HistoryJul 08, 2010 - 12:00 a.m.

Microsoft Excel DBQueryExt record parsing vulnerability

2010-07-0800:00:00

SAINT Corporation

my.saintcorporation.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.925 High

EPSS

Percentile

98.9%

JSON

Added: 07/08/2010
CVE: CVE-2010-1253
BID: 40531
OSVDB: 65228

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.

Problem

A vulnerability in Microsoft Excel allows command execution when a user opens a spreadsheet file containing a specially crafted DBQueryExt record.

Resolution

Apply the update referenced in Microsoft Security Bulletin 10-038.

References

<http://www.zerodayinitiative.com/advisories/ZDI-10-103/>

Limitations

Exploit works on Microsoft Excel 2002 SP3 and requires a user to open the exploit file in Microsoft Excel.

There may be a delay before the exploit succeeds.

Platforms

Windows

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.925 High

EPSS

Percentile

98.9%

JSON

Related for SAINT:5151482A33A9FB1BC6D507FFECE3EF3A