Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:AC2DABF7921EF9F6B99E49E672826A6B
HistoryJan 11, 2007 - 12:00 a.m.

Microsoft Excel PALETTE record buffer overflow

2007-01-1100:00:00
SAINT Corporation
download.saintcorporation.com
5

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.89 High

EPSS

Percentile

98.7%

JSON

Added: 01/11/2007
CVE: CVE-2007-0031
BID: 21922
OSVDB: 31258

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms.

Problem

A buffer overflow vulnerability in Microsoft Excel allows command execution when a user opens a specially crafted BIFF8 spreadsheet with a long PALETTE record.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 07-002.

References

<http://www.microsoft.com/technet/security/bulletin/MS07-002.mspx&gt;
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=461&gt;

Limitations

Exploit works on Microsoft Excel 2000 9.0.3821 SR-1.

Exploit requires a user to download the exploit file and open it in Microsoft Excel.

Platforms

Windows

Related

prion 1
saint 3
cert 1
securityvulns 3
checkpoint_advisories 1
cve 1
nessus 1
prion
prion
Heap overflow
2007-01-09 23:28:00
saint
saint
Microsoft Excel PALETTE record buffer overflow
2007-01-11 00:00:00
Microsoft Excel PALETTE record buffer overflow
2007-01-11 00:00:00
Microsoft Excel PALETTE record buffer overflow
2007-01-11 00:00:00
cert
cert
Microsoft Excel fails to properly parse malformed Palette records
2007-01-09 00:00:00
securityvulns
securityvulns
[Full-disclosure] iDefense Security Advisory 01.09.07: Microsoft Excel Long Palette Heap Overflow Vulnerability
2007-01-09 00:00:00
Microsoft Security Bulletin MS07-002 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution &#40;927198&#41;
2007-01-09 00:00:00
Multiple Microsoft Excel buffer oveflows
2007-02-01 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Excel Malformed Palette Record Memory Corruption (MS07-002; CVE-2007-0031)
2010-10-24 00:00:00
cve
cve
CVE-2007-0031
2007-01-09 23:28:00
nessus
nessus
MS07-002: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)
2007-01-09 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.89 High

EPSS

Percentile

98.7%

JSON
Related for SAINT:AC2DABF7921EF9F6B99E49E672826A6B
prion1saint3cert1securityvulns3checkpoint_advisories1cve1nessus1