CVE-2008-0113

Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://marc.info/?l=bugtraq&m=120585858807305&w=2
http://marc.info/?l=bugtraq&m=120585858807305&w=2
http://secunia.com/advisories/29321	Vendor Advisory
http://www.securityfocus.com/archive/1/489415/100/0/threaded
http://www.securitytracker.com/id?1019578
http://www.us-cert.gov/cas/techalerts/TA08-071A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/0848/references	Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-008
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-016
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5421
http://marc.info/?l=bugtraq&m=120585858807305&w=2
http://marc.info/?l=bugtraq&m=120585858807305&w=2
http://secunia.com/advisories/29321	Vendor Advisory
http://www.securityfocus.com/archive/1/489415/100/0/threaded
http://www.securitytracker.com/id?1019578
http://www.us-cert.gov/cas/techalerts/TA08-071A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/0848/references	Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-008
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-016
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5421

Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*

History

21 Nov 2024, 00:41

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=120585858807305&w=2 -~~	() http://marc.info/?l=bugtraq&m=120585858807305&w=2 -
References	~~() http://secunia.com/advisories/29321 - Vendor Advisory~~	() http://secunia.com/advisories/29321 - Vendor Advisory
References	~~() http://www.securityfocus.com/archive/1/489415/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/489415/100/0/threaded -
References	~~() http://www.securitytracker.com/id?1019578 -~~	() http://www.securitytracker.com/id?1019578 -
References	~~() http://www.us-cert.gov/cas/techalerts/TA08-071A.html - US Government Resource~~	() http://www.us-cert.gov/cas/techalerts/TA08-071A.html - US Government Resource
References	~~() http://www.vupen.com/english/advisories/2008/0848/references - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2008/0848/references - Vendor Advisory
References	~~() http://www.zerodayinitiative.com/advisories/ZDI-08-008 -~~	() http://www.zerodayinitiative.com/advisories/ZDI-08-008 -
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-016 -~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-016 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5421 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5421 -

Information

Published : 2008-03-11 23:44

Updated : 2024-11-21 00:41

NVD link : CVE-2008-0113

Mitre link : CVE-2008-0113

CVE.ORG link : CVE-2008-0113

JSON object : View

Products Affected

microsoft

excel_viewer

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

NVD-CWE-noinfo

9.3 /10