Executive Summary

Informations
Name CVE-2010-0260 First vendor Publication 2010-03-10
Vendor Cve Last vendor Modification 2018-10-12

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXTUPLE record is broken up into several records," aka "Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0260

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:7862
 
Oval ID: oval:org.mitre.oval:def:7862
Title: Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability
Description: Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXTUPLE record is broken up into several records," aka "Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-0260
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2007
Microsoft Office Excel Viewer
Microsoft Office Compatibility Pack
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 4
Application 2
Application 2
Application 2
Application 4
Application 1

OpenVAS Exploits

Date Description
2010-03-10 Name : Microsoft Office Excel Multiple Vulnerabilities (980150)
File : nvt/secpod_ms10-017.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
62819 Microsoft Office Excel MDXTUPLE Record Handling Overflow

Snort® IPS/IDS

Date Description
2017-10-10 Microsoft Office Excel sheet object type confusion exploit attempt
RuleID : 44296 - Revision : 2 - Type : FILE-OFFICE
2017-10-10 Microsoft Office Excel BIFF8 formulas from records parsing code execution att...
RuleID : 44292 - Revision : 1 - Type : FILE-OFFICE
2017-10-10 Microsoft Office Excel BIFF5 formulas from records parsing code execution att...
RuleID : 44291 - Revision : 1 - Type : FILE-OFFICE
2017-10-10 Microsoft Office Excel sheet object type confusion exploit attempt
RuleID : 44290 - Revision : 3 - Type : FILE-OFFICE
2017-10-10 Microsoft Office Excel sheet object type confusion exploit attempt
RuleID : 44289 - Revision : 2 - Type : FILE-OFFICE
2016-10-01 Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access...
RuleID : 39992 - Revision : 1 - Type : FILE-OFFICE
2016-10-01 Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access...
RuleID : 39991 - Revision : 1 - Type : FILE-OFFICE
2016-10-01 Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access...
RuleID : 39990 - Revision : 1 - Type : FILE-OFFICE
2016-10-01 Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access...
RuleID : 39989 - Revision : 1 - Type : FILE-OFFICE
2016-10-01 Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access...
RuleID : 39988 - Revision : 1 - Type : FILE-OFFICE
2014-04-24 Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution a...
RuleID : 30248 - Revision : 3 - Type : FILE-OFFICE
2014-04-24 Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution a...
RuleID : 30247 - Revision : 3 - Type : FILE-OFFICE
2014-04-24 Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt
RuleID : 30246 - Revision : 3 - Type : FILE-OFFICE
2014-04-24 Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt
RuleID : 30245 - Revision : 3 - Type : FILE-OFFICE
2014-04-24 Microsoft Office Excel DbOrParamQry.fOdbcConn parsing remote code execution a...
RuleID : 30244 - Revision : 3 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel FNGROUPNAME record memory corruption attempt
RuleID : 23010 - Revision : 6 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel sheet object type confusion exploit attempt
RuleID : 21943 - Revision : 6 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel sheet object type confusion exploit attempt
RuleID : 21942 - Revision : 5 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution a...
RuleID : 21930 - Revision : 5 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution a...
RuleID : 21929 - Revision : 5 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel FNGROUPNAME record memory corruption attempt
RuleID : 20029 - Revision : 14 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel EntExU2 write access violation attempt
RuleID : 19133 - Revision : 15 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel sheet object type confusion exploit attempt
RuleID : 18740 - Revision : 17 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access...
RuleID : 18541 - Revision : 15 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt
RuleID : 16471 - Revision : 16 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt
RuleID : 16470 - Revision : 16 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel DbOrParamQry.fOdbcConn parsing remote code execution a...
RuleID : 16469 - Revision : 17 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access...
RuleID : 16468 - Revision : 16 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access...
RuleID : 16467 - Revision : 16 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel uninitialized stack variable code execution attempt
RuleID : 16466 - Revision : 15 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel ContinueFRT12 and MDXSet heap overflow attempt
RuleID : 16465 - Revision : 17 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel ContinueFRT12 heap overflow attempt
RuleID : 16464 - Revision : 17 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel BIFF5 formulas from records parsing code execution att...
RuleID : 16463 - Revision : 15 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel BIFF8 formulas from records parsing code execution att...
RuleID : 16462 - Revision : 15 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel EntExU2 write access violation attempt
RuleID : 16461 - Revision : 22 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

Date Description
2010-10-20 Name : An application installed on the remote Mac OS X host is affected by multiple ...
File : macosx_ms10-017.nasl - Type : ACT_GATHER_INFO
2010-03-09 Name : Arbitrary code can be executed on the remote host through Microsoft Office Ex...
File : smb_nt_ms10-017.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CERT http://www.us-cert.gov/cas/techalerts/TA10-068A.html
IDEFENSE http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=862
MS https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10...
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECTRACK http://www.securitytracker.com/id?1023698

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
Date Informations
2021-05-04 12:11:03
  • Multiple Updates
2021-04-22 01:11:34
  • Multiple Updates
2020-05-23 00:25:09
  • Multiple Updates
2018-10-13 00:22:54
  • Multiple Updates
2017-09-19 09:23:37
  • Multiple Updates
2016-04-26 19:31:44
  • Multiple Updates
2014-02-17 10:53:30
  • Multiple Updates
2014-01-19 21:26:34
  • Multiple Updates
2013-08-29 17:20:05
  • Multiple Updates
2013-05-10 23:16:56
  • Multiple Updates