Executive Summary

Informations
NameCVE-2007-0030First vendor Publication2007-01-09
VendorCveLast vendor Modification2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

ImpactsProvides administrator access : Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0030

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:323
 
Oval ID: oval:org.mitre.oval:def:323
Title: Excel Malformed Column Record Vulnerability
Description: Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
Family: windows Class: vulnerability
Reference(s): CVE-2007-0030
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): Microsoft Excel
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application3
Application1
Application5
Application2

ExploitDB Exploits

idDescription
2007-01-25Microsoft Excel Malformed Palette Record DoS PoC (MS07-002)

Open Source Vulnerability Database (OSVDB)

idDescription
31257Microsoft Excel Column Record Heap Corruption Remote Code Execution

Information Assurance Vulnerability Management (IAVM)

DateDescription
2007-01-12IAVM : 2007-A-0003 - Multiple Vulnerabilities in Microsoft Excel
Severity : Category II - VMSKEY : V0013574

Snort® IPS/IDS

DateDescription
2014-01-10Microsoft Office Excel Column record handling memory corruption attempt
RuleID : 17543 - Revision : 11 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

DateDescription
2007-01-09Name : Arbitrary code can be executed on the remote host through Microsoft Excel.
File : smb_nt_ms07-002.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/21925
CERThttp://www.us-cert.gov/cas/techalerts/TA07-009A.html
CERT-VNhttp://www.kb.cert.org/vuls/id/302836
HPhttp://www.securityfocus.com/archive/1/archive/1/457274/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/457274/100/0/threaded
IDEFENSEhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=460
MShttp://www.microsoft.com/technet/security/Bulletin/MS07-002.mspx
OSVDBhttp://www.osvdb.org/31257
SECTRACKhttp://securitytracker.com/id?1017487
VUPENhttp://www.vupen.com/english/advisories/2007/0103

Alert History

If you want to see full details history, please login or register.
0
1
2
3
DateInformations
2014-02-17 10:38:28
  • Multiple Updates
2014-01-19 21:23:45
  • Multiple Updates
2013-11-11 12:37:38
  • Multiple Updates
2013-05-11 00:39:47
  • Multiple Updates