ID CVE-2008-3006
Summary Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability." This vulnerability has multiple attack vectors and CIA impact. Please review the following guidance from Microsoft for more information: An attack against a user's local Excel client can result in remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs or view, change, or delete data; or create new accounts with full user rights. An attack against a Microsoft Office SharePoint Server 2007 site can result in elevation of privilege. An attacker who successfully exploited this vulnerability could gain an elevation of privilege within SharePoint server, as opposed to elevation of privilege within the workstation or server environment. In an attack against a SharePoint site, an attacker would first need an account on the SharePoint site with sufficient rights to upload a specially crafted Excel file and then create a web part using the file on the SharePoint site.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2007:*:gold:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2007:*:gold:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_compatibility_pack:2007:*:gold:*:*:*:*:*
    cpe:2.3:a:microsoft:office_compatibility_pack:2007:*:gold:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_excel_viewer:2003:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office_excel_viewer:2003:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_excel_viewer:2003:*:gold:*:*:*:*:*
    cpe:2.3:a:microsoft:office_excel_viewer:2003:*:gold:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_excel_viewer:2003:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office_excel_viewer:2003:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:sharepoint_server:2007:*:gold:*:*:*:*:*
    cpe:2.3:a:microsoft:sharepoint_server:2007:*:gold:*:*:*:*:*
  • cpe:2.3:a:microsoft:sharepoint_server:2007:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:sharepoint_server:2007:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
CVSS
Base: 9.3 (as of 30-10-2018 - 16:26)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2014-06-30T04:11:02.944-04:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Chandan S
    organization SecPod Technologies
  • name Shane Shaffer
    organization G2, Inc.
  • name Josh Turpin
    organization Symantec Corporation
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Excel 2000 is installed
    oval oval:org.mitre.oval:def:758
  • comment Microsoft Excel 2002 is installed
    oval oval:org.mitre.oval:def:473
  • comment Microsoft Excel 2003 is installed
    oval oval:org.mitre.oval:def:764
  • comment Microsoft Excel 2007 is installed
    oval oval:org.mitre.oval:def:1745
  • comment Microsoft Office Compatibility Pack is installed
    oval oval:org.mitre.oval:def:1853
  • comment Microsoft Office SharePoint Server 2007 is installed.
    oval oval:org.mitre.oval:def:2313
  • comment Microsoft Excel Viewer 2003 is installed
    oval oval:org.mitre.oval:def:439
  • comment Microsoft Excel Viewer 2007 is installed
    oval oval:org.mitre.oval:def:6006
description Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability."
family windows
id oval:org.mitre.oval:def:5561
status accepted
submitted 2008-08-13T09:28:00
title Excel Record Parsing Vulnerability
version 32
refmap via4
bid 30640
bugtraq 20080812 ZDI-08-048: Microsoft Excel COUNTRY Record Memory Corruption Vulnerability
cert TA08-225A
hp
  • HPSBST02360
  • SSRT080117
misc http://www.zerodayinitiative.com/advisories/ZDI-08-048/
sectrack 1020672
secunia
  • 31454
  • 31455
vupen ADV-2008-2347
Last major update 30-10-2018 - 16:26
Published 12-08-2008 - 23:41
Last modified 30-10-2018 - 16:26
Back to Top