Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2008-4264 | First vendor Publication | 2008-12-10 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers "pointer corruption" during the loading of formulas from this spreadsheet, aka "File Format Parsing Vulnerability." |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4264 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:5556 | |||
| Oval ID: | oval:org.mitre.oval:def:5556 | ||
| Title: | File Format Parsing Vulnerability | ||
| Description: | Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers "pointer corruption" during the loading of formulas from this spreadsheet, aka "File Format Parsing Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-4264 | Version: | 10 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-12-10 | Name : Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (... File : nvt/secpod_ms08-074.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 50555 | Microsoft Excel Malformed Formula Parsing Memory Corruption Excel, Excel Viewer, Office Compatibility Pack for Word, Excel and PowerPoint 2007 File Formats, Office for Mac and Open XML File Format Converter for Mac contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when Excel processes a specially crafted Excel spreadsheet with a malformed formula triggering pointer corruption. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2019-10-01 | Microsoft Office Excel TXO and OBJ records parsing stack memory corruption at... RuleID : 51364 - Revision : 1 - Type : FILE-OFFICE |
| 2019-10-01 | Microsoft Office Excel TXO and OBJ records parsing stack memory corruption at... RuleID : 51363 - Revision : 1 - Type : FILE-OFFICE |
| 2014-11-16 | Microsoft Office Excel TXO and OBJ records parsing stack memory corruption at... RuleID : 31592 - Revision : 2 - Type : FILE-OFFICE |
| 2014-11-16 | Microsoft Office Excel TXO and OBJ records parsing stack memory corruption at... RuleID : 31591 - Revision : 3 - Type : FILE-OFFICE |
| 2014-02-21 | Microsoft Office Excel country record arbitrary code execution attempt RuleID : 29404 - Revision : 2 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel TXO and OBJ records parsing stack memory corruption at... RuleID : 21932 - Revision : 4 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel TXO and OBJ records parsing stack memory corruption at... RuleID : 21931 - Revision : 5 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Excel malformed OBJ record memory corruption attempt RuleID : 15117 - Revision : 14 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel country record arbitrary code execution attempt RuleID : 13972 - Revision : 23 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-10-20 | Name : An application installed on the remote Mac OS X host is affected by multiple ... File : macosx_ms_office_dec2008.nasl - Type : ACT_GATHER_INFO |
| 2008-12-10 | Name : Arbitrary code can be executed on the remote host through Microsoft Excel. File : smb_nt_ms08-074.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:12:45 |
|
| 2024-11-28 12:16:35 |
|
| 2020-05-23 00:22:19 |
|
| 2018-10-13 00:22:43 |
|
| 2017-09-29 09:23:44 |
|
| 2016-06-28 17:18:27 |
|
| 2016-04-26 17:51:34 |
|
| 2014-02-17 10:46:44 |
|
| 2014-01-19 21:25:17 |
|
| 2013-05-11 00:27:05 |
|
