CVE-2010-0258 - Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open

CVE-2010-0258

Summary

Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka "Microsoft Office Excel Sheet Object Type Confusion Vulnerability."

References

Vulnerable Configurations

cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2007:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2007:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2004:*:*:*:*:mac_os_x:*:*
cpe:2.3:a:microsoft:office:2004:*:*:*:*:mac_os_x:*:*
cpe:2.3:a:microsoft:office:2008:*:*:*:*:macos:*:*
cpe:2.3:a:microsoft:office:2008:*:*:*:*:macos:*:*
cpe:2.3:a:microsoft:office_excel_viewer:-:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_excel_viewer:-:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_excel_viewer:-:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_excel_viewer:-:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:*:*:*:macos:*:*
cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:*:*:*:macos:*:*

CVSS

Base:	9.3 (as of 02-02-2024 - 02:38)
Impact:
Exploitability:

CWE

CWE-843

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

msbulletin via4

bulletin_id	MS10-017
bulletin_url
date	2010-03-09T00:00:00
impact	Remote Code Execution
knowledgebase_id	980150
knowledgebase_url
severity	Important
title	Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution

oval via4

accepted

2014-06-30T04:11:29.578-04:00

class

vulnerability

contributors

name Dragos Prisaca
organization Symantec Corporation
name Shane Shaffer
organization G2, Inc.
name Josh Turpin
organization Symantec Corporation
name Maria Kedovskaya
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment Microsoft Excel 2002 is installed
oval oval:org.mitre.oval:def:473
comment Microsoft Excel 2003 is installed
oval oval:org.mitre.oval:def:764
comment Microsoft Excel 2007 is installed
oval oval:org.mitre.oval:def:1745
comment Microsoft Excel Viewer 2007 is installed
oval oval:org.mitre.oval:def:6006
comment Microsoft Office Compatibility Pack is installed
oval oval:org.mitre.oval:def:1853
comment Microsoft Office 2007 is installed
oval oval:org.mitre.oval:def:1211

description

family

windows

oval:org.mitre.oval:def:8545

status

accepted

submitted

2010-03-09T13:00:00

title

Microsoft Office Excel Sheet Object Type Confusion Vulnerability

version

refmap via4

cert	TA10-068A
idefense	20100309 Microsoft Excel Sheet Object Type Confusion Vulnerability
sectrack	1023698

Last major update

02-02-2024 - 02:38

Published

10-03-2010 - 22:30

Last modified

02-02-2024 - 02:38