SAINT Corporation SAINT:6692581D64325BD109128F6D963F1E67
History: Jan 17, 2008 - 12:00 a.m.

Microsoft Excel rtAFDesc record invalid pointer access

2008-01-17 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 9.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.844
Percentile: 98.6%

Added: 01/17/2008
CVE: CVE-2008-0081
BID: 27305
OSVDB: 40344

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms.

Problem

Microsoft Excel references an uninitialized pointer if a spreadsheet contains an improperly placed rtAFDesc record. This can lead to arbitrary command execution when a user opens a specially crafted file.

Resolution

Refer to Microsoft Security Advisory 947563 and apply a patch when available.

References

<http://www.microsoft.com/technet/security/advisory/947563.mspx>

Limitations

The exploit works on Microsoft Excel 2003 Service Pack 2 with patch KB940602 and requires a user to open the exploit file in Microsoft Excel.

The success of this exploit may depend on the state of the target system at the time the exploit is attempted.

Platforms

Windows 2000
Windows XP SP1
Windows XP SP2
