ID |
CVE-2007-0030
|
Summary |
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:works:2005:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:works:2005:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:v.x:*:mac:*:*:*:*:*
cpe:2.3:a:microsoft:office:v.x:*:mac:*:*:*:*:*
|
CVSS |
Base: | 9.3 (as of 16-10-2018 - 16:30) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
oval
via4
|
accepted | 2012-05-28T04:01:38.959-04:00 | class | vulnerability | contributors | name | Robert L. Hollis | organization | ThreatGuard, Inc. |
name | Shane Shaffer | organization | G2, Inc. |
| definition_extensions | comment | Microsoft Excel 2000 is installed | oval | oval:org.mitre.oval:def:758 |
comment | Microsoft Excel 2002 is installed | oval | oval:org.mitre.oval:def:473 |
comment | Microsoft Excel 2003 is installed | oval | oval:org.mitre.oval:def:764 |
comment | Microsoft Excel Viewer 2003 is installed | oval | oval:org.mitre.oval:def:439 |
| description | Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory. | family | windows | id | oval:org.mitre.oval:def:323 | status | accepted | submitted | 2007-01-10T02:08:37 | title | Excel Malformed Column Record Vulnerability | version | 12 |
|
refmap
via4
|
bid | 21925 | cert | TA07-009A | cert-vn | VU#302836 | hp | | idefense | 20070109 Microsoft Excel Invalid Column Heap Corruption Vulnerability | osvdb | 31257 | sectrack | 1017487 | vupen | ADV-2007-0103 |
|
Last major update |
16-10-2018 - 16:30 |
Published |
09-01-2007 - 23:28 |
Last modified |
16-10-2018 - 16:30 |