This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2008-10-14
Product Excel Viewer Last view 2019-03-05
Version - Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microsoft:excel_viewer

Activity : Overall

Related : CVE

  Date Alert Description
6.5 2019-03-05 CVE-2019-0669

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
5.5 2019-03-05 CVE-2019-0540

A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
5.5 2018-06-14 CVE-2018-8246

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
7.8 2016-12-20 CVE-2016-7262

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability."
7.8 2013-11-06 CVE-2013-3906

GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.
9.3 2008-10-14 CVE-2008-4019

Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerability."
9.3 2008-10-14 CVE-2008-3471

Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka "File Format Parsing Vulnerability."

CWE : Common Weakness Enumeration

%idName
20% (1) CWE-787 Out-of-bounds Write
20% (1) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
20% (1) CWE-200 Information Exposure
20% (1) CWE-190 Integer Overflow or Wraparound
20% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

SAINT Exploits

Description Link
Microsoft Excel formula parsing integer overflow More info here

Open Source Vulnerability Database (OSVDB)

id Description
49078 Microsoft Excel Embedded Formula Parsing Arbitrary Code Execution
49076 Microsoft Excel BIFF File Malformed Object Handling Arbitrary Code Execution

ExploitDB Exploits

id Description
30011 Microsoft Tagged Image File Format (TIFF) Integer Overflow

OpenVAS Exploits

id Description
2008-10-15 Name : Microsoft Excel Remote Code Execution Vulnerability (956416)
File : nvt/secpod_ms08-057_900048.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2013-A-0225 Microsoft GDI Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0042593

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-10-01 Microsoft Office Excel invalid FRTWrapper record integer underflow attempt
RuleID : 51314 - Type : FILE-OFFICE - Revision : 1
2019-10-01 Microsoft Office Excel invalid FRTWrapper record integer underflow attempt
RuleID : 51313 - Type : FILE-OFFICE - Revision : 1
2019-03-12 Microsoft Excel information disclosure attempt
RuleID : 49133 - Type : FILE-OFFICE - Revision : 1
2019-03-12 Microsoft Excel information disclosure attempt
RuleID : 49132 - Type : FILE-OFFICE - Revision : 1
2018-08-16 Microsoft Office Excel ddeService command execution attempt
RuleID : 47176 - Type : FILE-OFFICE - Revision : 1
2018-08-16 Microsoft Office Excel ddeService command execution attempt
RuleID : 47175 - Type : FILE-OFFICE - Revision : 2
2017-08-24 Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt
RuleID : 43699 - Type : FILE-OFFICE - Revision : 2
2017-08-24 Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt
RuleID : 43698 - Type : FILE-OFFICE - Revision : 2
2017-01-10 Microsoft Office Excel ddeService command execution attempt
RuleID : 40960 - Type : FILE-OFFICE - Revision : 3
2017-01-10 Microsoft Office Excel ddeService command execution attempt
RuleID : 40959 - Type : FILE-OFFICE - Revision : 3
2014-01-10 Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28526 - Type : FILE-OFFICE - Revision : 8
2014-01-10 Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28525 - Type : FILE-OFFICE - Revision : 9
2014-01-10 Microsoft GDI library TIFF handling memory corruption attempt
RuleID : 28488 - Type : OS-WINDOWS - Revision : 3
2014-01-10 Microsoft GDI library TIFF handling memory corruption attempt
RuleID : 28487 - Type : OS-WINDOWS - Revision : 3
2014-01-10 Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28473 - Type : FILE-OFFICE - Revision : 8
2014-01-10 Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28472 - Type : FILE-OFFICE - Revision : 9
2014-01-10 Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28471 - Type : FILE-OFFICE - Revision : 9
2014-01-10 Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28470 - Type : FILE-OFFICE - Revision : 9
2014-01-10 Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28469 - Type : FILE-OFFICE - Revision : 9
2014-01-10 Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28468 - Type : FILE-OFFICE - Revision : 9
2014-01-10 Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28467 - Type : FILE-OFFICE - Revision : 9
2014-01-10 Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28466 - Type : FILE-OFFICE - Revision : 10
2014-01-10 Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28465 - Type : FILE-OFFICE - Revision : 9
2014-01-10 Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28464 - Type : FILE-OFFICE - Revision : 9
2014-01-10 Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt
RuleID : 26175 - Type : FILE-OFFICE - Revision : 4

Nessus® Vulnerability Scanner

id Description
2016-12-14 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: smb_nt_ms16-148.nasl - Type: ACT_GATHER_INFO
2013-12-11 Name: The remote Windows host has a remote code execution vulnerability.
File: smb_nt_ms13-096.nasl - Type: ACT_GATHER_INFO
2010-10-20 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms08-057.nasl - Type: ACT_GATHER_INFO
2008-10-15 Name: Arbitrary code can be executed on the remote host through Microsoft Excel.
File: smb_nt_ms08-057.nasl - Type: ACT_GATHER_INFO