9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.971 High
EPSS
Percentile
99.7%
Added: 12/18/2008
CVE: CVE-2008-4265
BID: 32618
OSVDB: 50556
Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.
A memory corruption vulnerability allows command execution when a user opens an Excel spreadsheet containing specially crafted TXO and OBJ records.
Apply the update referenced in Microsoft Security Bulletin 08-074.
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=763>
Exploit works on Microsoft Excel 2000 SP3 and requires a user to open the exploit file.
After opening the exploit file, there may be a delay before the connection is established.
Windows 2000
Windows XP