cvelistv5 - CVE-2008-0081

CVE-2008-0081 (GCVE-0-2008-0081)

Vulnerability from cvelistv5

Published

2008-01-16 22:00

Modified

2025-01-17 15:12

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Summary

References

URL

Tags

secure@microsoft.com	http://marc.info/?l=bugtraq&m=120585858807305&w=2	Mailing List
secure@microsoft.com	http://marc.info/?l=bugtraq&m=120585858807305&w=2	Mailing List
secure@microsoft.com	http://marc.info/?l=bugtraq&m=120585858807305&w=2	Mailing List
secure@microsoft.com	http://marc.info/?l=bugtraq&m=120585858807305&w=2	Mailing List
secure@microsoft.com	http://secunia.com/advisories/28506	Broken Link, Vendor Advisory
secure@microsoft.com	http://securitytracker.com/id?1019200	Broken Link, Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.microsoft.com/technet/security/advisory/947563.mspx	Broken Link, Patch, Vendor Advisory
secure@microsoft.com	http://www.securityfocus.com/bid/27305	Broken Link, Patch, Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA08-071A.html	Broken Link, Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2008/0146	Broken Link, Vendor Advisory
secure@microsoft.com	http://www.vupen.com/english/advisories/2008/0846/references	Broken Link, Vendor Advisory
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014	Patch, Vendor Advisory
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/39699	Third Party Advisory, VDB Entry
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5546	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=120585858807305&w=2	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=120585858807305&w=2	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=120585858807305&w=2	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=120585858807305&w=2	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28506	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1019200	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.microsoft.com/technet/security/advisory/947563.mspx	Broken Link, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27305	Broken Link, Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-071A.html	Broken Link, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0146	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0846/references	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/39699	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5546	Broken Link

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:32:24.157Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1019200",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019200"
          },
          {
            "name": "oval:org.mitre.oval:def:5546",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5546"
          },
          {
            "name": "microsoft-excel-unspecified-code-execution(39699)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39699"
          },
          {
            "name": "TA08-071A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
          },
          {
            "name": "947563",
            "tags": [
              "vendor-advisory",
              "x_refsource_MSKB",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/947563.mspx"
          },
          {
            "name": "27305",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27305"
          },
          {
            "name": "MS08-014",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
          },
          {
            "name": "SSRT080028",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
          },
          {
            "name": "HPSBST02320",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
          },
          {
            "name": "ADV-2008-0146",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0146"
          },
          {
            "name": "ADV-2008-0846",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0846/references"
          },
          {
            "name": "28506",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28506"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2008-0081",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-09T18:08:19.346727Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-908",
                "description": "CWE-908 Use of Uninitialized Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-17T15:12:25.745Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka \"Macro Validation Vulnerability,\" a different vulnerability than CVE-2007-3490."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1019200",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019200"
        },
        {
          "name": "oval:org.mitre.oval:def:5546",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5546"
        },
        {
          "name": "microsoft-excel-unspecified-code-execution(39699)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39699"
        },
        {
          "name": "TA08-071A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
        },
        {
          "name": "947563",
          "tags": [
            "vendor-advisory",
            "x_refsource_MSKB"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/947563.mspx"
        },
        {
          "name": "27305",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27305"
        },
        {
          "name": "MS08-014",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
        },
        {
          "name": "SSRT080028",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
        },
        {
          "name": "HPSBST02320",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
        },
        {
          "name": "ADV-2008-0146",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0146"
        },
        {
          "name": "ADV-2008-0846",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0846/references"
        },
        {
          "name": "28506",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28506"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-0081",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka \"Macro Validation Vulnerability,\" a different vulnerability than CVE-2007-3490."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1019200",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019200"
            },
            {
              "name": "oval:org.mitre.oval:def:5546",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5546"
            },
            {
              "name": "microsoft-excel-unspecified-code-execution(39699)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39699"
            },
            {
              "name": "TA08-071A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
            },
            {
              "name": "947563",
              "refsource": "MSKB",
              "url": "http://www.microsoft.com/technet/security/advisory/947563.mspx"
            },
            {
              "name": "27305",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27305"
            },
            {
              "name": "MS08-014",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
            },
            {
              "name": "SSRT080028",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
            },
            {
              "name": "HPSBST02320",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
            },
            {
              "name": "ADV-2008-0146",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0146"
            },
            {
              "name": "ADV-2008-0846",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0846/references"
            },
            {
              "name": "28506",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28506"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2008-0081",
    "datePublished": "2008-01-16T22:00:00",
    "dateReserved": "2008-01-03T00:00:00",
    "dateUpdated": "2025-01-17T15:12:25.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0081\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2008-01-16T23:00:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka \\\"Macro Validation Vulnerability,\\\" a different vulnerability than CVE-2007-3490.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad no especificada en Microsoft Excel 2000 SP3 hasta 2003 SP2, Viewer 2003 y Office 2004 para Mac, permite a atacantes remotos asistidos por el usuario ejecutar c\u00f3digo arbitrario por medio de macros dise\u00f1adas, tambi\u00e9n se conoce como \\\"VMacro Validation Vulnerability,\\\" una vulnerabilidad diferente de CVE-2007-3490.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-908\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-908\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2000:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"439B26BA-376C-4D6B-B7BA-B66B8BDA8E37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"896E23B1-AB34-43FF-96F3-BA6ED7F162AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2003:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A07483B7-E30C-43F3-B54B-2864BE9AD704\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDB0020C-A804-4003-B411-1AC7A6E7193E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2004:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"0B191155-67F2-4C6E-BD0C-AF5AF6F04BA1\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://secunia.com/advisories/28506\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1019200\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/947563.mspx\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/27305\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-071A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0146\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0846/references\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39699\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5546\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://secunia.com/advisories/28506\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1019200\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/947563.mspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/27305\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-071A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0146\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0846/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39699\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5546\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://securitytracker.com/id?1019200\", \"name\": \"1019200\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5546\", \"name\": \"oval:org.mitre.oval:def:5546\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\", \"x_transferred\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/39699\", \"name\": \"microsoft-excel-unspecified-code-execution(39699)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\", \"x_transferred\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-071A.html\", \"name\": \"TA08-071A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\", \"x_transferred\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/947563.mspx\", \"name\": \"947563\", \"tags\": [\"vendor-advisory\", \"x_refsource_MSKB\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/27305\", \"name\": \"27305\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014\", \"name\": \"MS08-014\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\", \"x_transferred\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2\", \"name\": \"SSRT080028\", \"tags\": [\"vendor-advisory\", \"x_refsource_HP\", \"x_transferred\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2\", \"name\": \"HPSBST02320\", \"tags\": [\"vendor-advisory\", \"x_refsource_HP\", \"x_transferred\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0146\", \"name\": \"ADV-2008-0146\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0846/references\", \"name\": \"ADV-2008-0846\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/28506\", \"name\": \"28506\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-07T07:32:24.157Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2008-0081\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-09T18:08:19.346727Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-908\", \"description\": \"CWE-908 Use of Uninitialized Resource\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-17T15:12:06.994Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2008-01-15T00:00:00\", \"references\": [{\"url\": \"http://securitytracker.com/id?1019200\", \"name\": \"1019200\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5546\", \"name\": \"oval:org.mitre.oval:def:5546\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/39699\", \"name\": \"microsoft-excel-unspecified-code-execution(39699)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-071A.html\", \"name\": \"TA08-071A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/947563.mspx\", \"name\": \"947563\", \"tags\": [\"vendor-advisory\", \"x_refsource_MSKB\"]}, {\"url\": \"http://www.securityfocus.com/bid/27305\", \"name\": \"27305\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014\", \"name\": \"MS08-014\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2\", \"name\": \"SSRT080028\", \"tags\": [\"vendor-advisory\", \"x_refsource_HP\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2\", \"name\": \"HPSBST02320\", \"tags\": [\"vendor-advisory\", \"x_refsource_HP\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0146\", \"name\": \"ADV-2008-0146\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0846/references\", \"name\": \"ADV-2008-0846\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"]}, {\"url\": \"http://secunia.com/advisories/28506\", \"name\": \"28506\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka \\\"Macro Validation Vulnerability,\\\" a different vulnerability than CVE-2007-3490.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2018-10-12T19:57:01\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://securitytracker.com/id?1019200\", \"name\": \"1019200\", \"refsource\": \"SECTRACK\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5546\", \"name\": \"oval:org.mitre.oval:def:5546\", \"refsource\": \"OVAL\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/39699\", \"name\": \"microsoft-excel-unspecified-code-execution(39699)\", \"refsource\": \"XF\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-071A.html\", \"name\": \"TA08-071A\", \"refsource\": \"CERT\"}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/947563.mspx\", \"name\": \"947563\", \"refsource\": \"MSKB\"}, {\"url\": \"http://www.securityfocus.com/bid/27305\", \"name\": \"27305\", \"refsource\": \"BID\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014\", \"name\": \"MS08-014\", \"refsource\": \"MS\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2\", \"name\": \"SSRT080028\", \"refsource\": \"HP\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2\", \"name\": \"HPSBST02320\", \"refsource\": \"HP\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0146\", \"name\": \"ADV-2008-0146\", \"refsource\": \"VUPEN\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0846/references\", \"name\": \"ADV-2008-0846\", \"refsource\": \"VUPEN\"}, {\"url\": \"http://secunia.com/advisories/28506\", \"name\": \"28506\", \"refsource\": \"SECUNIA\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka \\\"Macro Validation Vulnerability,\\\" a different vulnerability than CVE-2007-3490.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2008-0081\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secure@microsoft.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2008-0081\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-17T15:12:25.745Z\", \"dateReserved\": \"2008-01-03T00:00:00\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2008-01-16T22:00:00\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTA-2008-ALE-003

Vulnerability from certfr_alerte

Une vulnérabilité dans plusieurs versions du tableur Excel permet une exécution de code arbitraire.

Description

Une vulnérabilité, non publique mais confirmée par l'éditeur, est présente dans plusieurs versions du tableur Excel. L'exploitation de cette vulnérabilité, au travers d'un document spécialement conçu, permet l'exécution de code arbitraire. Le code est exécuté avec les droits de l'utilisateur qui ouvre le document malveillant. L'utilisateur malveillant doit inciter l'utilisateur du logiciel vulnérable à ouvrir un document malveillant.

Cette vulnérabilité serait exploitée, à la date de rédaction de cette alerte.

Les versions suivantes d'Excel ne seraient pas vulnérables :

2003 SP3 ;
2007 ;
2008 pour Mac.

Cette vulnérabilité est corrigée et mentionnée dans le bulletin Microsoft MS08-014 publié le 11 mars 2008. Ce dernier est détaillé dans l'avis CERTA-2008-AVI-125.

Contournement provisoire

Dans l'attente d'un correctif, plusieurs mesures permettent de réduire l'impact de l'exploitation de cette vulnérabilité :

utiliser une version non vulnérable ou un logiciel alternatif (visualisateur, tableur ou suite bureautique) ;
n'ouvrir que des documents de confiance ;
être circonspect à l'égard des pièces jointes de courriels et des documents téléchargés ;
travailler avec un compte aux droits restreints (principe du moindre privilège).

Solution

Se référer au bulletin de sécurité MS08-014 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

Microsoft Office Excel dans les versions suivantes :

2000 ;
2002 ;
2003 SP2 ;
2004 pour Mac.

Microsoft Office Excel Viewer 2003.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin Microsoft 947563 du 15 janvier 2008	None	vendor-advisory
Bulletin de sécurité Microsoft 947563 du 15 janvier 2008 :	-	other
Avis CERTA-2008-AVI-125 du 12 mars 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eMicrosoft Office Excel dans les versions suivantes :\u003c/P\u003e  \u003cUL\u003e    \u003cLI\u003e2000 ;\u003c/LI\u003e    \u003cLI\u003e2002 ;\u003c/LI\u003e    \u003cLI\u003e2003 SP2 ;\u003c/LI\u003e    \u003cLI\u003e2004 pour Mac.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eMicrosoft Office Excel Viewer 2003.\u003c/P\u003e",
  "closed_at": "2008-03-12",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9, non publique mais confirm\u00e9e par l\u0027\u00e9diteur, est\npr\u00e9sente dans plusieurs versions du tableur Excel. L\u0027exploitation de\ncette vuln\u00e9rabilit\u00e9, au travers d\u0027un document sp\u00e9cialement con\u00e7u, permet\nl\u0027ex\u00e9cution de code arbitraire. Le code est ex\u00e9cut\u00e9 avec les droits de\nl\u0027utilisateur qui ouvre le document malveillant. L\u0027utilisateur\nmalveillant doit inciter l\u0027utilisateur du logiciel vuln\u00e9rable \u00e0 ouvrir\nun document malveillant.\n\nCette vuln\u00e9rabilit\u00e9 serait exploit\u00e9e, \u00e0 la date de r\u00e9daction de cette\nalerte.\n\nLes versions suivantes d\u0027Excel ne seraient pas vuln\u00e9rables :\n\n-   2003 SP3 ;\n-   2007 ;\n-   2008 pour Mac.\n\nCette vuln\u00e9rabilit\u00e9 est corrig\u00e9e et mentionn\u00e9e dans le bulletin\nMicrosoft MS08-014 publi\u00e9 le 11 mars 2008. Ce dernier est d\u00e9taill\u00e9 dans\nl\u0027avis CERTA-2008-AVI-125.\n\n## Contournement provisoire\n\nDans l\u0027attente d\u0027un correctif, plusieurs mesures permettent de r\u00e9duire\nl\u0027impact de l\u0027exploitation de cette vuln\u00e9rabilit\u00e9 :\n\n-   utiliser une version non vuln\u00e9rable ou un logiciel alternatif\n    (visualisateur, tableur ou suite bureautique) ;\n-   n\u0027ouvrir que des documents de confiance ;\n-   \u00eatre circonspect \u00e0 l\u0027\u00e9gard des pi\u00e8ces jointes de courriels et des\n    documents t\u00e9l\u00e9charg\u00e9s ;\n-   travailler avec un compte aux droits restreints (principe du moindre\n    privil\u00e8ge).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS08-014 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0081"
    }
  ],
  "initial_release_date": "2008-01-16T00:00:00",
  "last_revision_date": "2008-03-12T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft 947563 du 15 janvier 2008 :",
      "url": "http://www.microsoft.com/technet/security/advisory/947563.mspx"
    },
    {
      "title": "Avis CERTA-2008-AVI-125 du 12 mars 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-125/"
    }
  ],
  "reference": "CERTA-2008-ALE-003",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-01-16T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences au bulletin MS08-14 et \u00e0 l\u0027avis correspondant.",
      "revision_date": "2008-03-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans plusieurs versions du tableur Excel permet une\nex\u00e9cution de code arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Excel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin Microsoft 947563 du 15 janvier 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-125

Vulnerability from certfr_avis

Plusieurs vulnérabilités ont été identifiées dans l'application Microsoft Excel. L'une d'elles a fait l'objet en janvier 2008 de l'alerte CERTA-2008-ALE-003. Elles permettraient à une personne malveillante les exploitant via un fichier Excel spécialement construit d'exécuter des commandes arbitraires sur le système vulnérable sur lequel le document serait ouvert.

Description

Plusieurs vulnérabilités ont été identifiées dans l'application de bureautique Microsoft Excel.

l'application ne manipulerait pas convenablement les macros à l'ouverture de fichiers Excel. Cette vulnérabilité a fait l'objet de l'alerte CERTA-2008-ALE-003 ;
l'application ne contrôlerait pas correctement les données des fichiers Excel lorsqu'ils sont chargés en mémoire ;
l'application ne vérifierait pas correctement les données de fichiers qui sont importés ;
l'application ne manipulerait pas correctement des informations liées à un enregistrement STYLE à l'ouverture d'un fichier ;
l'application ne validerait pas correctement des valeurs pour la mise en forme conditionnelle.

L'exploitation de ces vulnérabilités permettrait à une personne malveillante d'exécuter des commandes arbitraires sur le système vulnérable sur lequel un document spécifiquement construit serait ouvert.

Des codes d'exploitation concernant certaines de ces vulnérabilités circulent actuellement sur l'Internet.

Solution

Se référer au bulletin de sécurité MS08-014 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office XP Service Pack 3 ;
Microsoft	Office	Microsoft Office 2003 Service Pack 2 ;
Microsoft	Office	Pack de Compatibilité Microsoft Office pour les formats de fichiers Word, Excel et PowerPoint 2007 ;
Microsoft	Office	Microsoft Office 2008 pour Mac.
Microsoft	Office	Microsoft Office 2000 Service Pack 3 ;
Microsoft	Office	Microsoft Office Excel Viewer 2003 ;
Microsoft	Office	Microsoft Office 2007 ;
Microsoft	Office	Microsoft Office 2004 pour Mac ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS08-014 du 11 mars 2008	None	vendor-advisory
Document du CERTA CERTA-2008-ALE-003 du 16 mars 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office XP Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2003 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Pack de Compatibilit\u00e9 Microsoft Office pour les formats de fichiers Word, Excel et PowerPoint 2007 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2008 pour Mac.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2000 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel Viewer 2003 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2007 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2004 pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans l\u0027application de\nbureautique Microsoft Excel.\n\n-   l\u0027application ne manipulerait pas convenablement les macros \u00e0\n    l\u0027ouverture de fichiers Excel. Cette vuln\u00e9rabilit\u00e9 a fait l\u0027objet de\n    l\u0027alerte CERTA-2008-ALE-003 ;\n-   l\u0027application ne contr\u00f4lerait pas correctement les donn\u00e9es des\n    fichiers Excel lorsqu\u0027ils sont charg\u00e9s en m\u00e9moire ;\n-   l\u0027application ne v\u00e9rifierait pas correctement les donn\u00e9es de\n    fichiers qui sont import\u00e9s ;\n-   l\u0027application ne manipulerait pas correctement des informations\n    li\u00e9es \u00e0 un enregistrement STYLE \u00e0 l\u0027ouverture d\u0027un fichier ;\n-   l\u0027application ne validerait pas correctement des valeurs pour la\n    mise en forme conditionnelle.\n\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permettrait \u00e0 une personne\nmalveillante d\u0027ex\u00e9cuter des commandes arbitraires sur le syst\u00e8me\nvuln\u00e9rable sur lequel un document sp\u00e9cifiquement construit serait\nouvert.\n\nDes codes d\u0027exploitation concernant certaines de ces vuln\u00e9rabilit\u00e9s\ncirculent actuellement sur l\u0027Internet.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS08-014 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0081"
    },
    {
      "name": "CVE-2008-0112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0112"
    },
    {
      "name": "CVE-2008-0115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0115"
    },
    {
      "name": "CVE-2008-0117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0117"
    },
    {
      "name": "CVE-2008-0114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0114"
    },
    {
      "name": "CVE-2008-0116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0116"
    },
    {
      "name": "CVE-2008-0111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0111"
    }
  ],
  "initial_release_date": "2008-03-12T00:00:00",
  "last_revision_date": "2008-03-12T00:00:00",
  "links": [
    {
      "title": "Document du CERTA CERTA-2008-ALE-003 du 16 mars 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-ALE-003/index.html"
    }
  ],
  "reference": "CERTA-2008-AVI-125",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-03-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans l\u0027application\nMicrosoft Excel. L\u0027une d\u0027elles a fait l\u0027objet en janvier 2008 de\nl\u0027alerte CERTA-2008-ALE-003. Elles permettraient \u00e0 une personne\nmalveillante les exploitant via un fichier Excel sp\u00e9cialement construit\nd\u0027ex\u00e9cuter des commandes arbitraires sur le syst\u00e8me vuln\u00e9rable sur\nlequel le document serait ouvert.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Excel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-014 du 11 mars 2008",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx"
    }
  ]
}

ghsa-h6j8-g36h-j99v

Vulnerability from github

Published

2022-05-01 23:27

Modified

2024-02-09 00:31

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0081"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-01-16T23:00:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka \"Macro Validation Vulnerability,\" a different vulnerability than CVE-2007-3490.",
  "id": "GHSA-h6j8-g36h-j99v",
  "modified": "2024-02-09T00:31:33Z",
  "published": "2022-05-01T23:27:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0081"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39699"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5546"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28506"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1019200"
    },
    {
      "type": "WEB",
      "url": "http://www.microsoft.com/technet/security/advisory/947563.mspx"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27305"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0146"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0846/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

var-200801-0023

Vulnerability from variot

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490. Microsoft Excel for, Excel There is a memory corruption vulnerability due to a flaw in the handling of file headers.crafted by a third party Excel The file may lead to arbitrary code execution. Microsoft Excel is prone to a remote code-execution vulnerability. An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. There are multiple code execution vulnerabilities in the way of processing data when Excel imports files, the way of processing Style record data, the way of processing conditional format values, and the way of processing macros.

A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.

NOTE: According to Microsoft, this is currently being actively exploited.

SOLUTION: Do not open untrusted Excel files. Please see the vendor's advisory for details.

PROVIDED AND/OR DISCOVERED BY: Discovered as a 0-day.

ORIGINAL ADVISORY: Microsoft (KB947563): http://www.microsoft.com/technet/security/advisory/947563.mspx

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

 National Cyber Alert System

Technical Cyber Security Alert TA08-071A

Microsoft Updates for Multiple Vulnerabilities

Original release date: March 11, 2008 Last revised: -- Source: US-CERT

Systems Affected

 * Microsoft Office
 * Microsoft Outlook
 * Microsoft Excel
 * Microsoft Excel Viewer
 * Microsoft Office for Mac
 * Microsoft Office Web Componenets

Overview

Microsoft has released updates that address vulnerabilities in Microsoft Office, Outlook, Excel, Excel Viewer, Office for Mac, and Office Web Components.

I. Description

Microsoft has released updates to address vulnerabilities that affect Microsoft Office, Outlook, Excel, Excel Viewer, Office for Mac, and Office Web Components as part of the Microsoft Security Bulletin Summary for March 2008. For more information, see the US-CERT Vulnerability Notes Database.

II.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the March 2008 security bulletin. The security bulletin describe any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

IV. References

US-CERT Vulnerability Notes for Microsoft March 2008 updates
http://www.kb.cert.org/vuls/byid?searchview&query=ms08-mar
Microsoft Security Bulletin Summary for March 2008
http://www.microsoft.com/technet/security/bulletin/ms08-mar.mspx
Microsoft Update - https://www.update.microsoft.com/microsoftupdate/
Windows Server Update Services - http://www.microsoft.com/windowsserversystem/updateservices/default.mspx

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA08-071A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA08-071A Feedback VU#393305" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2008 by US-CERT, a government organization.

<http://www.us-cert.gov/legal.html>

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBR9b0APRFkHkM87XOAQLTUwf9HHlM9vQfwMpmCv77RuJKdZgdn5bNTPQA HjsABoxmVZzE4XnArclHPyMivO8x/oel6UFvZgG/h2oGFarK7h1WpvCFQKE/cNO8 c5o0tRhxMx+ri7w7DnkhmhbWTLQ8coqKjzAioKoc2mboNz+PamQO22INjS3ktOyL dRA+qwxSsPN3Bi7NDS2DOdUeAA+VdMn0cQTDLHJ7ZPhzy7JOiVXwQwyO3CwNDeOl C6+FGSk8o1BsMjdP6kRaGnQkgivBi1ID4dcAQA8h0K2IGDPkCBIYiGTvj9pNnpwZ lrP6DdHyd2idzGEXr2R0VlTQPrhabs+YpZq+qzVh6f2tg+Lc9xBwHg== =aCnE -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200801-0023",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "excel",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "excel",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "microsoft",
        "version": "2002"
      },
      {
        "model": "excel",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "excel viewer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "office",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "2004"
      },
      {
        "model": "microsoft office",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2007"
      },
      {
        "model": "microsoft excel viewer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft office \u4e92\u63db\u6a5f\u80fd\u30d1\u30c3\u30af",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft office",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2003"
      },
      {
        "model": "microsoft office",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "compatibility pack"
      },
      {
        "model": "microsoft excel",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft office",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "xp"
      },
      {
        "model": "microsoft office",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2004 (mac_os)"
      },
      {
        "model": "microsoft office",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2000"
      },
      {
        "model": "office xp sp3",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "office xp sp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "office xp sp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "office xp",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "office for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20040"
      },
      {
        "model": "office sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "office sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "office sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20030"
      },
      {
        "model": "office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20020"
      },
      {
        "model": "office sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "office sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "internet explorer for unix sp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "excel viewer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20030"
      },
      {
        "model": "excel for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20040"
      },
      {
        "model": "excel sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "excel sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "excel sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "excel sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2002"
      },
      {
        "model": "excel sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2002"
      },
      {
        "model": "excel sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2002"
      },
      {
        "model": "excel sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "excel sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "excel sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "27305"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-246"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0081"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Bing LiuMoti JosephDan Hubbard",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-246"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-0081",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2008-0081",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-30206",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2008-0081",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2008-0081",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-0081",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2008-0081",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200801-246",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-30206",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30206"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-246"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0081"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka \"Macro Validation Vulnerability,\" a different vulnerability than CVE-2007-3490. Microsoft Excel for, Excel There is a memory corruption vulnerability due to a flaw in the handling of file headers.crafted by a third party Excel The file may lead to arbitrary code execution. Microsoft Excel is prone to a remote code-execution vulnerability. \nAn attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. There are multiple code execution vulnerabilities in the way of processing data when Excel imports files, the way of processing Style record data, the way of processing conditional format values, and the way of processing macros. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nNOTE: According to Microsoft, this is currently being actively\nexploited. \n\nSOLUTION:\nDo not open untrusted Excel files. Please see the vendor\u0027s advisory for details. \n\nPROVIDED AND/OR DISCOVERED BY:\nDiscovered as a 0-day. \n\nORIGINAL ADVISORY:\nMicrosoft (KB947563):\nhttp://www.microsoft.com/technet/security/advisory/947563.mspx\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n\t National Cyber Alert System\n\n   Technical Cyber Security Alert TA08-071A\n\nMicrosoft Updates for Multiple Vulnerabilities\n\n   Original release date: March 11, 2008\n   Last revised: --\n   Source: US-CERT\n\nSystems Affected\n\n     * Microsoft Office\n     * Microsoft Outlook\n     * Microsoft Excel\n     * Microsoft Excel Viewer\n     * Microsoft Office for Mac\n     * Microsoft Office Web Componenets\n\nOverview\n\n   Microsoft   has  released  updates  that  address  vulnerabilities  in\n   Microsoft  Office,  Outlook,  Excel, Excel Viewer, Office for Mac, and\n   Office Web Components. \n\nI. Description\n\n   Microsoft  has released updates to address vulnerabilities that affect\n   Microsoft  Office,  Outlook,  Excel, Excel Viewer, Office for Mac, and\n   Office  Web  Components  as  part  of  the Microsoft Security Bulletin\n   Summary  for March 2008. For more\n   information, see the US-CERT Vulnerability Notes Database. \n\nII. \n\nIII. Solution\n\nApply updates from Microsoft\n\n   Microsoft  has provided updates for these vulnerabilities in the March\n   2008  security  bulletin.  The  security  bulletin  describe any known\n   issues  related  to the updates. Administrators are encouraged to note\n   these   issues   and   test   for  any  potentially  adverse  effects. \n   Administrators  should consider using an automated update distribution\n   system such as Windows Server Update Services (WSUS). \n\nIV. References\n\n * US-CERT  Vulnerability  Notes  for  Microsoft March 2008 updates\n   - \u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=ms08-mar\u003e\n\n * Microsoft Security Bulletin Summary for March 2008\n   - \u003chttp://www.microsoft.com/technet/security/bulletin/ms08-mar.mspx\u003e\n\n * Microsoft Update - \u003chttps://www.update.microsoft.com/microsoftupdate/\u003e\n\n * Windows Server Update Services - \u003chttp://www.microsoft.com/windowsserversystem/updateservices/default.mspx\u003e\n\n _________________________________________________________________\n\n  The most recent version of this document can be found at:\n\n    \u003chttp://www.us-cert.gov/cas/techalerts/TA08-071A.html\u003e\n _________________________________________________________________\n\n  Feedback can be directed to US-CERT Technical Staff. Please send\n  email to \u003ccert@cert.org\u003e with \"TA08-071A Feedback VU#393305\" in the\n  subject. \n _________________________________________________________________\n\n  For instructions on subscribing to or unsubscribing from this\n  mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n _________________________________________________________________\n\n  Produced 2008 by US-CERT, a government organization. \n\n  Terms of use:\n\n    \u003chttp://www.us-cert.gov/legal.html\u003e\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBR9b0APRFkHkM87XOAQLTUwf9HHlM9vQfwMpmCv77RuJKdZgdn5bNTPQA\nHjsABoxmVZzE4XnArclHPyMivO8x/oel6UFvZgG/h2oGFarK7h1WpvCFQKE/cNO8\nc5o0tRhxMx+ri7w7DnkhmhbWTLQ8coqKjzAioKoc2mboNz+PamQO22INjS3ktOyL\ndRA+qwxSsPN3Bi7NDS2DOdUeAA+VdMn0cQTDLHJ7ZPhzy7JOiVXwQwyO3CwNDeOl\nC6+FGSk8o1BsMjdP6kRaGnQkgivBi1ID4dcAQA8h0K2IGDPkCBIYiGTvj9pNnpwZ\nlrP6DdHyd2idzGEXr2R0VlTQPrhabs+YpZq+qzVh6f2tg+Lc9xBwHg==\n=aCnE\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-0081"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001031"
      },
      {
        "db": "BID",
        "id": "27305"
      },
      {
        "db": "VULHUB",
        "id": "VHN-30206"
      },
      {
        "db": "PACKETSTORM",
        "id": "62693"
      },
      {
        "db": "PACKETSTORM",
        "id": "64511"
      }
    ],
    "trust": 2.16
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-30206",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30206"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-0081",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "27305",
        "trust": 2.8
      },
      {
        "db": "USCERT",
        "id": "TA08-071A",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "28506",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1019200",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0846",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0146",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "39699",
        "trust": 1.4
      },
      {
        "db": "USCERT",
        "id": "SA08-071A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001031",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-246",
        "trust": 0.7
      },
      {
        "db": "MS",
        "id": "MS08-014",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "TA08-071A",
        "trust": 0.6
      },
      {
        "db": "HP",
        "id": "SSRT080028",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "5287",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-30206",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "62693",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64511",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30206"
      },
      {
        "db": "BID",
        "id": "27305"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001031"
      },
      {
        "db": "PACKETSTORM",
        "id": "62693"
      },
      {
        "db": "PACKETSTORM",
        "id": "64511"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-246"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0081"
      }
    ]
  },
  "id": "VAR-200801-0023",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30206"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:48:56.029000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MS08-014e Fujitsu Fujitsu \u00a0 Public vulnerability information",
        "trust": 0.8,
        "url": "http://support.microsoft.com/?scid=kb%3Ben-us%3B949029\u0026x=19\u0026y=10"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001031"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-908",
        "trust": 1.0
      },
      {
        "problemtype": "Use of uninitialized resources (CWE-908) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001031"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0081"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/27305"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta08-071a.html"
      },
      {
        "trust": 2.5,
        "url": "http://securitytracker.com/id?1019200"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/28506"
      },
      {
        "trust": 2.1,
        "url": "http://www.microsoft.com/technet/security/advisory/947563.mspx"
      },
      {
        "trust": 1.6,
        "url": "http://www.symantec.com/security_response/writeup.jsp?docid=2008-030516-1836-99"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/39699"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2008/0146"
      },
      {
        "trust": 1.1,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5546"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/0146"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/0846/references"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39699"
      },
      {
        "trust": 0.9,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms08-014.mspx"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta08-071a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta08-071a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0081"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2008/at080004.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/2008/20080421_160353.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa08-071a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.ipa.go.jp/security/ciadr/vul/20080312-ms08-014.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.iss.net/threats/288.html"
      },
      {
        "trust": 0.8,
        "url": "http://isc.sans.org/diary.html?storyid=4117"
      },
      {
        "trust": 0.8,
        "url": "http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?vname=troj%5fmdrop%2eah"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/0846/references"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5546"
      },
      {
        "trust": 0.3,
        "url": "http://office.microsoft.com/excel"
      },
      {
        "trust": 0.3,
        "url": "http://support.microsoft.com/kb/935865"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.technet.com/swi/archive/2008/03/11/the-case-of-the-uninitialized-stack-variable-vulnerability.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.technet.com/msrc/archive/2008/01/15/msrc-blog-security-advisory-947563.aspx"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=120585858807305\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2276/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2275/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/?page=changelog"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28506/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4043/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3054/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/24/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7700/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4970/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2278/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2277/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/8713/"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=ms08-mar\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/windowsserversystem/updateservices/default.mspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta08-071a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms08-mar.mspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.update.microsoft.com/microsoftupdate/\u003e"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30206"
      },
      {
        "db": "BID",
        "id": "27305"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001031"
      },
      {
        "db": "PACKETSTORM",
        "id": "62693"
      },
      {
        "db": "PACKETSTORM",
        "id": "64511"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-246"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0081"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-30206"
      },
      {
        "db": "BID",
        "id": "27305"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001031"
      },
      {
        "db": "PACKETSTORM",
        "id": "62693"
      },
      {
        "db": "PACKETSTORM",
        "id": "64511"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-246"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0081"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-01-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-30206"
      },
      {
        "date": "2008-01-15T00:00:00",
        "db": "BID",
        "id": "27305"
      },
      {
        "date": "2008-01-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001031"
      },
      {
        "date": "2008-01-17T04:45:41",
        "db": "PACKETSTORM",
        "id": "62693"
      },
      {
        "date": "2008-03-13T04:19:58",
        "db": "PACKETSTORM",
        "id": "64511"
      },
      {
        "date": "2008-01-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200801-246"
      },
      {
        "date": "2008-01-16T23:00:00",
        "db": "NVD",
        "id": "CVE-2008-0081"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-30206"
      },
      {
        "date": "2008-04-08T22:18:00",
        "db": "BID",
        "id": "27305"
      },
      {
        "date": "2024-02-29T02:58:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001031"
      },
      {
        "date": "2008-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200801-246"
      },
      {
        "date": "2024-11-21T00:41:07.470000",
        "db": "NVD",
        "id": "CVE-2008-0081"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "64511"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-246"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft\u00a0Excel\u00a0 memory corruption vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001031"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "design error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-246"
      }
    ],
    "trust": 0.6
  }
}

gsd-2008-0081

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2008-0081

Aliases

CVE-2008-0081

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0081",
    "description": "Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka \"Macro Validation Vulnerability,\" a different vulnerability than CVE-2007-3490.",
    "id": "GSD-2008-0081"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0081"
      ],
      "details": "Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka \"Macro Validation Vulnerability,\" a different vulnerability than CVE-2007-3490.",
      "id": "GSD-2008-0081",
      "modified": "2023-12-13T01:22:58.191677Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2008-0081",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka \"Macro Validation Vulnerability,\" a different vulnerability than CVE-2007-3490."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1019200",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1019200"
          },
          {
            "name": "oval:org.mitre.oval:def:5546",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5546"
          },
          {
            "name": "microsoft-excel-unspecified-code-execution(39699)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39699"
          },
          {
            "name": "TA08-071A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
          },
          {
            "name": "947563",
            "refsource": "MSKB",
            "url": "http://www.microsoft.com/technet/security/advisory/947563.mspx"
          },
          {
            "name": "27305",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/27305"
          },
          {
            "name": "MS08-014",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
          },
          {
            "name": "SSRT080028",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
          },
          {
            "name": "HPSBST02320",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
          },
          {
            "name": "ADV-2008-0146",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0146"
          },
          {
            "name": "ADV-2008-0846",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0846/references"
          },
          {
            "name": "28506",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28506"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:microsoft:excel:2000:sp3:*:*:*:*:*:*",
                    "matchCriteriaId": "439B26BA-376C-4D6B-B7BA-B66B8BDA8E37",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
                    "matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:excel:2003:sp2:*:*:*:*:*:*",
                    "matchCriteriaId": "A07483B7-E30C-43F3-B54B-2864BE9AD704",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:office:2004:*:*:*:*:macos:*:*",
                    "matchCriteriaId": "0B191155-67F2-4C6E-BD0C-AF5AF6F04BA1",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka \"Macro Validation Vulnerability,\" a different vulnerability than CVE-2007-3490."
          },
          {
            "lang": "es",
            "value": "Una vulnerabilidad no especificada en Microsoft Excel 2000 SP3 hasta 2003 SP2, Viewer 2003 y Office 2004 para Mac, permite a atacantes remotos asistidos por el usuario ejecutar c\u00f3digo arbitrario por medio de macros dise\u00f1adas, tambi\u00e9n se conoce como \"VMacro Validation Vulnerability,\" una vulnerabilidad diferente de CVE-2007-3490."
          }
        ],
        "id": "CVE-2008-0081",
        "lastModified": "2024-02-08T23:42:31.667",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "HIGH",
              "cvssData": {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "integrityImpact": "COMPLETE",
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              "exploitabilityScore": 8.6,
              "impactScore": 10.0,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2008-01-16T23:00:00.000",
        "references": [
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Mailing List"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
          },
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/28506"
          },
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://securitytracker.com/id?1019200"
          },
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Broken Link",
              "Patch",
              "Vendor Advisory"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/947563.mspx"
          },
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Broken Link",
              "Patch",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/bid/27305"
          },
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "US Government Resource"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
          },
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0146"
          },
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0846/references"
          },
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Patch",
              "Vendor Advisory"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
          },
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39699"
          },
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Broken Link"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5546"
          }
        ],
        "sourceIdentifier": "secure@microsoft.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-908"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

fkie_cve-2008-0081

Vulnerability from fkie_nvd

Published

2008-01-16 23:00

Modified

2025-04-09 00:30

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secure@microsoft.com	http://marc.info/?l=bugtraq&m=120585858807305&w=2	Mailing List
secure@microsoft.com	http://secunia.com/advisories/28506	Broken Link, Vendor Advisory
secure@microsoft.com	http://securitytracker.com/id?1019200	Broken Link, Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.microsoft.com/technet/security/advisory/947563.mspx	Broken Link, Patch, Vendor Advisory
secure@microsoft.com	http://www.securityfocus.com/bid/27305	Broken Link, Patch, Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA08-071A.html	Broken Link, Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2008/0146	Broken Link, Vendor Advisory
secure@microsoft.com	http://www.vupen.com/english/advisories/2008/0846/references	Broken Link, Vendor Advisory
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014	Patch, Vendor Advisory
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/39699	Third Party Advisory, VDB Entry
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5546	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=120585858807305&w=2	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28506	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1019200	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.microsoft.com/technet/security/advisory/947563.mspx	Broken Link, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27305	Broken Link, Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-071A.html	Broken Link, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0146	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0846/references	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/39699	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5546	Broken Link

Impacted products

Vendor	Product	Version
microsoft	excel	2000
microsoft	excel	2002
microsoft	excel	2003
microsoft	excel_viewer	2003
microsoft	office	2004

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "439B26BA-376C-4D6B-B7BA-B66B8BDA8E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A07483B7-E30C-43F3-B54B-2864BE9AD704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:*:*:*:macos:*:*",
              "matchCriteriaId": "0B191155-67F2-4C6E-BD0C-AF5AF6F04BA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka \"Macro Validation Vulnerability,\" a different vulnerability than CVE-2007-3490."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad no especificada en Microsoft Excel 2000 SP3 hasta 2003 SP2, Viewer 2003 y Office 2004 para Mac, permite a atacantes remotos asistidos por el usuario ejecutar c\u00f3digo arbitrario por medio de macros dise\u00f1adas, tambi\u00e9n se conoce como \"VMacro Validation Vulnerability,\" una vulnerabilidad diferente de CVE-2007-3490."
    }
  ],
  "id": "CVE-2008-0081",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2008-01-16T23:00:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28506"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1019200"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/947563.mspx"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/27305"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0146"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0846/references"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39699"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5546"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=120585858807305\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28506"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1019200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/947563.mspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/27305"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0146"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0846/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39699"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5546"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-908"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-908"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-0081 (GCVE-0-2008-0081)

Vulnerability from cvelistv5

CERTA-2008-ALE-003

Vulnerability from certfr_alerte

Description

Contournement provisoire

Solution

CERTA-2008-AVI-125

Vulnerability from certfr_avis

Description

Solution

ghsa-h6j8-g36h-j99v

Vulnerability from github

var-200801-0023

Vulnerability from variot

gsd-2008-0081

Vulnerability from gsd

fkie_cve-2008-0081

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature