Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2008-4019 | First vendor Publication | 2008-10-14 |
Vendor | Cve | Last vendor Modification | 2022-02-09 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerability." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4019 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6102 | |||
Oval ID: | oval:org.mitre.oval:def:6102 | ||
Title: | Formula Parsing Vulnerability | ||
Description: | Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4019 | Version: | 12 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer 2007 Microsoft Office SharePoint Server 2007 Microsoft Office Compatibility Pack |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 | |
Application | 3 | |
Application | 2 | |
Application | 2 | |
Application | 1 | |
Application | 4 |
SAINT Exploits
Description | Link |
---|---|
Microsoft Excel formula parsing integer overflow | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2008-10-15 | Name : Microsoft Excel Remote Code Execution Vulnerability (956416) File : nvt/secpod_ms08-057_900048.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
49078 | Microsoft Excel Embedded Formula Parsing Arbitrary Code Execution |
Snort® IPS/IDS
Date | Description |
---|---|
2019-10-01 | Microsoft Office Excel invalid FRTWrapper record integer underflow attempt RuleID : 51314 - Revision : 1 - Type : FILE-OFFICE |
2019-10-01 | Microsoft Office Excel invalid FRTWrapper record integer underflow attempt RuleID : 51313 - Revision : 1 - Type : FILE-OFFICE |
2017-08-24 | Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt RuleID : 43699 - Revision : 2 - Type : FILE-OFFICE |
2017-08-24 | Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt RuleID : 43698 - Revision : 2 - Type : FILE-OFFICE |
2016-03-25 | Microsoft Office Excel file with embedded ActiveX control RuleID : 37846 - Revision : 1 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt RuleID : 26175 - Revision : 4 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel FRTWrapper record buffer overflow attempt RuleID : 26174 - Revision : 4 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel REPT integer underflow attempt RuleID : 17734 - Revision : 12 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel FRTWrapper record buffer overflow attempt RuleID : 16800 - Revision : 17 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel REPT integer underflow attempt RuleID : 14655 - Revision : 14 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel file with embedded ActiveX control RuleID : 14642 - Revision : 17 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt RuleID : 14641 - Revision : 21 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-10-20 | Name : An application installed on the remote Mac OS X host is affected by multiple ... File : macosx_ms08-057.nasl - Type : ACT_GATHER_INFO |
2008-10-15 | Name : Arbitrary code can be executed on the remote host through Microsoft Excel. File : smb_nt_ms08-057.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2022-02-10 12:06:19 |
|
2021-05-04 12:08:01 |
|
2021-04-22 01:08:22 |
|
2020-05-23 00:22:14 |
|
2019-03-18 12:01:48 |
|
2018-10-13 00:22:43 |
|
2017-09-29 09:23:42 |
|
2017-08-08 09:24:22 |
|
2016-04-26 17:48:50 |
|
2014-02-17 10:46:31 |
|
2014-01-19 21:25:13 |
|
2013-05-11 00:25:34 |
|