CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
98.6%
Added: 01/17/2008
CVE: CVE-2008-0081
BID: 27305
OSVDB: 40344
Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms.
Microsoft Excel references an uninitialized pointer if a spreadsheet contains an improperly placed rtAFDesc record. This can lead to arbitrary command execution when a user opens a specially crafted file.
Refer to Microsoft Security Advisory 947563 and apply a patch when available.
<http://www.microsoft.com/technet/security/advisory/947563.mspx>
Exploit works on Microsoft Excel 2003 Service Pack 2 with patch KB940602 and requires a user to open the exploit file in Microsoft Excel.
The success of this exploit may depend on the state of the target system at the time the exploit is attempted.
Windows 2000
Windows XP SP1
Windows XP SP2
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
98.6%