Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416) |
Information | |||
---|---|---|---|
Name | MS08-057 | First vendor Publication | 2008-10-14 |
Vendor | Microsoft | Last vendor Modification | 2008-10-29 |
Severity (Vendor) | Critical | Revision | 1.2 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Revision Note: V1.2 (October 29, 2008): Added entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update, to explain any additional security features included in this update for Microsoft Office 2003 Service Pack 2. Added missing entries for Excel 2003 Service Pack 3 to the section, Detection and Deployment Tools and Guidance. Finally, corrected references to Windows Installer Redistributable in the section, Security Update Deployment. This is an informational change only. There were no changes to the security update binaries.

Summary: This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS08-057.mspx |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
CAPEC-7 | Blind SQL Injection |
CAPEC-8 | Buffer Overflow in an API Call |
CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
CAPEC-10 | Buffer Overflow via Environment Variables |
CAPEC-13 | Subverting Environment Variable Values |
CAPEC-14 | Client-side Injection-induced Buffer Overflow |
CAPEC-18 | Embedding Scripts in Nonscript Elements |
CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
CAPEC-24 | Filter Failure through Buffer Overflow |
CAPEC-28 | Fuzzing |
CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
CAPEC-32 | Embedding Scripts in HTTP Query Strings |
CAPEC-42 | MIME Conversion |
CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
CAPEC-45 | Buffer Overflow via Symbolic Links |
CAPEC-46 | Overflow Variables and Tags |
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-52 | Embedding NULL Bytes |
CAPEC-53 | Postfix, Null Terminate, and Backslash |
CAPEC-63 | Simple Script Injection |
CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
CAPEC-66 | SQL Injection |
CAPEC-67 | String Format Overflow in syslog() |
CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
CAPEC-72 | URL Encoding |
CAPEC-73 | User-Controlled Filename |
CAPEC-78 | Using Escaped Slashes in Alternate Encoding |
CAPEC-79 | Using Slashes in Alternate Encoding |
CAPEC-80 | Using UTF-8 Encoding to Bypass Validation Logic |
CAPEC-81 | Web Logs Tampering |
CAPEC-83 | XPath Injection |
CAPEC-85 | Client Network Footprinting (using AJAX/XSS) |
CAPEC-86 | Embedding Script (XSS) in HTTP Headers |
CAPEC-88 | OS Command Injection |
CAPEC-91 | XSS in IMG Tags |
CAPEC-99 | XML Parser Attack |
CAPEC-101 | Server Side Include (SSI) Injection |
CAPEC-104 | Cross Zone Scripting |
CAPEC-106 | Cross Site Scripting through Log Files |
CAPEC-108 | Command Line Execution through SQL Injection |
CAPEC-109 | Object Relational Mapping Injection |
CAPEC-110 | SQL Injection through SOAP Parameter Tampering |
CAPEC-171 | Variable Manipulation |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
33 % | CWE-399 | Resource Management Errors |
33 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5750 | |||
Oval ID: | oval:org.mitre.oval:def:5750 | ||
Title: | File Format Parsing Vulnerability | ||
Description: | Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka "File Format Parsing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-3471 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer 2007 Microsoft Office Compatibility Pack |
Definition Id: oval:org.mitre.oval:def:5870 | |||
Oval ID: | oval:org.mitre.oval:def:5870 | ||
Title: | Calendar Object Validation Vulnerability | ||
Description: | Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-3477 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 |
Definition Id: oval:org.mitre.oval:def:6102 | |||
Oval ID: | oval:org.mitre.oval:def:6102 | ||
Title: | Formula Parsing Vulnerability | ||
Description: | Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4019 | Version: | 12 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer 2007 Microsoft Office SharePoint Server 2007 Microsoft Office Compatibility Pack |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 | |
Application | 3 | |
Application | 4 | |
Application | 2 | |
Application | 2 | |
Application | 1 | |
Application | 4 |
SAINT Exploits
Description | Link |
---|---|
Microsoft Excel formula parsing integer overflow | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2008-10-15 | Name : Microsoft Excel Remote Code Execution Vulnerability (956416) File : nvt/secpod_ms08-057_900048.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
49078 | Microsoft Excel Embedded Formula Parsing Arbitrary Code Execution |
49077 | Microsoft Excel Calendar Object Validation VBA Performance Cache Processing A... |
49076 | Microsoft Excel BIFF File Malformed Object Handling Arbitrary Code Execution |
Snort® IPS/IDS
Date | Description |
---|---|
2019-10-01 | Microsoft Office Excel invalid FRTWrapper record integer underflow attempt RuleID : 51314 - Revision : 1 - Type : FILE-OFFICE |
2019-10-01 | Microsoft Office Excel invalid FRTWrapper record integer underflow attempt RuleID : 51313 - Revision : 1 - Type : FILE-OFFICE |
2017-08-24 | Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt RuleID : 43699 - Revision : 2 - Type : FILE-OFFICE |
2017-08-24 | Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt RuleID : 43698 - Revision : 2 - Type : FILE-OFFICE |
2016-03-25 | Microsoft Office Excel file with embedded ActiveX control RuleID : 37846 - Revision : 1 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt RuleID : 26175 - Revision : 4 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel FRTWrapper record buffer overflow attempt RuleID : 26174 - Revision : 4 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel REPT integer underflow attempt RuleID : 17734 - Revision : 12 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel FRTWrapper record buffer overflow attempt RuleID : 16800 - Revision : 17 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel REPT integer underflow attempt RuleID : 14655 - Revision : 14 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel file with embedded ActiveX control RuleID : 14642 - Revision : 17 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt RuleID : 14641 - Revision : 21 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-10-20 | Name : An application installed on the remote Mac OS X host is affected by multiple ... File : macosx_ms08-057.nasl - Type : ACT_GATHER_INFO |
2008-10-15 | Name : Arbitrary code can be executed on the remote host through Microsoft Excel. File : smb_nt_ms08-057.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:46:04 | |
2014-01-19 21:30:14 | |
2013-05-11 00:49:22 | |