9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.97 High
EPSS
Percentile
99.7%
Added: 07/22/2010
CVE: CVE-2010-0822
BID: 40520
OSVDB: 65236
Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.
Microsoft Excel is vulnerable to a buffer overflow when processing malformed OBJ (recType 0x5D) records. This vulnerability could be exploited to execute arbitrary code by tricking a user into opening a specially crafted Excel document.
Apply the patch referenced in Microsoft Security Bulletin 10-038.
<http://secunia.com/advisories/37500/>
Exploit works on Microsoft Office Excel 2007 SP2 and requires a user to open the exploit file in Microsoft Office Excel.
Macros must be enabled in Excel.
There may be a delay before the exploit succeeds.
This exploit requires the Compress::Zlib PERL module.
Windows