Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542) |
Information | |||
---|---|---|---|
Name | MS07-036 | First vendor Publication | 2007-07-10 |
Vendor | Microsoft | Last vendor Modification | 2007-07-10 |
Severity (Vendor) | Critical | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
This critical update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in addition to other security issues identified during the course of the investigation. These vulnerabilities could allow remote code execution i |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/ms07-036.mspx?pubDate=2 (...) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1709 | |||
Oval ID: | oval:org.mitre.oval:def:1709 | ||
Title: | Workbook Memory Corruption Vulnerability | ||
Description: | Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability". | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-3030 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Excel |
Definition Id: oval:org.mitre.oval:def:2029 | |||
Oval ID: | oval:org.mitre.oval:def:2029 | ||
Title: | Worksheet Memory Corruption Vulnerability | ||
Description: | Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-3029 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Excel |
Definition Id: oval:org.mitre.oval:def:2123 | |||
Oval ID: | oval:org.mitre.oval:def:2123 | ||
Title: | Calculation Error Vulnerability | ||
Description: | Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability". | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-1756 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Excel |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 5 |
Application | | 1 |
Application | | 5 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
35959 | Microsoft Excel Viewer WorkBook Workspace Designation Memory Corruption |
35958 | Microsoft Excel Multiple Worksheet Unspecified Memory Corruption |
35957 | Microsoft Excel Version Information Validation Crafted File Arbitrary Code Ex... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Office Excel workbook workspace designation handling arbitrary code... RuleID : 12184 - Revision : 16 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel rtWindow1 record handling arbitrary code execution att... RuleID : 12099 - Revision : 14 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel malformed version field RuleID : 12070 - Revision : 16 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-10-20 | Name : An application installed on the remote Mac OS X host is affected by a remote ... File : macosx_ms07-036.nasl - Type : ACT_GATHER_INFO |
2007-07-10 | Name : Arbitrary code can be executed on the remote host through Microsoft Excel. File : smb_nt_ms07-036.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:45:42 | |
2014-01-19 21:30:05 | |