Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150) |
Informations | |||
---|---|---|---|
Name | MS10-017 | First vendor Publication | 2010-03-09 |
Vendor | Microsoft | Last vendor Modification | 2010-03-10 |
Severity (Vendor) | Important | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.1 (March 10, 2010): Corrected the severity table to list Microsoft Office Excel 2003 as affected by CVE-2010-0262. Corrected the package file name for Excel 2007. Also corrected the list of affected software in the Executive Summary. These are informational changes only. Customers who have successfully updated their systems do not need to take further action.Summary: This security update resolves seven privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS10-017.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
83 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
17 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:7862 | |||
Oval ID: | oval:org.mitre.oval:def:7862 | ||
Title: | Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability | ||
Description: | Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXTUPLE record is broken up into several records," aka "Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0260 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Excel 2007 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7888 | |||
Oval ID: | oval:org.mitre.oval:def:7888 | ||
Title: | Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability | ||
Description: | Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0264 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Excel 2002 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8407 | |||
Oval ID: | oval:org.mitre.oval:def:8407 | ||
Title: | Microsoft Office Excel XLSX File Parsing Code Execution Vulnerability | ||
Description: | Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 2007 SP1 and SP2 do not validate ZIP headers during decompression of Open XML (.XLSX) documents, which allows remote attackers to execute arbitrary code via a crafted document that triggers access to uninitialized memory locations, aka "Microsoft Office Excel XLSX File Parsing Code Execution Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0263 MS10-017 | Version: | 14 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Excel 2007 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack Microsoft Office SharePoint Server 2007 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8479 | |||
Oval ID: | oval:org.mitre.oval:def:8479 | ||
Title: | Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability | ||
Description: | Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0261 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Excel 2007 Microsoft Office Compatibility Pack |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8545 | |||
Oval ID: | oval:org.mitre.oval:def:8545 | ||
Title: | Microsoft Office Excel Sheet Object Type Confusion Vulnerability | ||
Description: | Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka "Microsoft Office Excel Sheet Object Type Confusion Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0258 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8562 | |||
Oval ID: | oval:org.mitre.oval:def:8562 | ||
Title: | Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability | ||
Description: | Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0262 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Excel 2007 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8617 | |||
Oval ID: | oval:org.mitre.oval:def:8617 | ||
Title: | Microsoft Office Excel Record Memory Corruption Vulnerability | ||
Description: | Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0257 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Excel 2002 |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Microsoft Excel DbOrParamQry memory corruption | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2010-03-10 | Name : Microsoft Office Excel Multiple Vulnerabilities (980150) File : nvt/secpod_ms10-017.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62823 | Microsoft Office Excel XLS File DbOrParamQry Record Parsing Overflow A memory corruption occurs on Microsoft Office Excel 2002 when parsing a .XLS file with a malformed DbOrParamQry record. This vulnerability could be used by a remote attacker to execute arbitrary code in the context of the currently logged on user, by enticing the user to open a specially crafted file. |
62822 | Microsoft Office Excel XLSX File ZIP Header Processing Memory Corruption |
62821 | Microsoft Office Excel FNGROUPNAME Record Handling Memory Corruption |
62820 | Microsoft Office Excel Workbook Globals Stream MDXSET Record Handling Overflow |
62819 | Microsoft Office Excel MDXTUPLE Record Handling Overflow |
62818 | Microsoft Office Excel Sheet Object Type Confusion Arbitrary Code Execution |
62817 | Microsoft Office Excel File Record Handling Unspecified Memory Corruption |
Snort® IPS/IDS
Date | Description |
---|---|
2017-10-10 | Microsoft Office Excel sheet object type confusion exploit attempt RuleID : 44296 - Revision : 2 - Type : FILE-OFFICE |
2017-10-10 | Microsoft Office Excel BIFF8 formulas from records parsing code execution att... RuleID : 44292 - Revision : 1 - Type : FILE-OFFICE |
2017-10-10 | Microsoft Office Excel BIFF5 formulas from records parsing code execution att... RuleID : 44291 - Revision : 1 - Type : FILE-OFFICE |
2017-10-10 | Microsoft Office Excel sheet object type confusion exploit attempt RuleID : 44290 - Revision : 3 - Type : FILE-OFFICE |
2017-10-10 | Microsoft Office Excel sheet object type confusion exploit attempt RuleID : 44289 - Revision : 2 - Type : FILE-OFFICE |
2016-10-01 | Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access... RuleID : 39992 - Revision : 1 - Type : FILE-OFFICE |
2016-10-01 | Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access... RuleID : 39991 - Revision : 1 - Type : FILE-OFFICE |
2016-10-01 | Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access... RuleID : 39990 - Revision : 1 - Type : FILE-OFFICE |
2016-10-01 | Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access... RuleID : 39989 - Revision : 1 - Type : FILE-OFFICE |
2016-10-01 | Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access... RuleID : 39988 - Revision : 1 - Type : FILE-OFFICE |
2014-04-24 | Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution a... RuleID : 30248 - Revision : 3 - Type : FILE-OFFICE |
2014-04-24 | Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution a... RuleID : 30247 - Revision : 3 - Type : FILE-OFFICE |
2014-04-24 | Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt RuleID : 30246 - Revision : 3 - Type : FILE-OFFICE |
2014-04-24 | Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt RuleID : 30245 - Revision : 3 - Type : FILE-OFFICE |
2014-04-24 | Microsoft Office Excel DbOrParamQry.fOdbcConn parsing remote code execution a... RuleID : 30244 - Revision : 3 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel FNGROUPNAME record memory corruption attempt RuleID : 23010 - Revision : 6 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel sheet object type confusion exploit attempt RuleID : 21943 - Revision : 6 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel sheet object type confusion exploit attempt RuleID : 21942 - Revision : 5 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution a... RuleID : 21930 - Revision : 5 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution a... RuleID : 21929 - Revision : 5 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel FNGROUPNAME record memory corruption attempt RuleID : 20029 - Revision : 14 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel EntExU2 write access violation attempt RuleID : 19133 - Revision : 15 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel sheet object type confusion exploit attempt RuleID : 18740 - Revision : 17 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access... RuleID : 18541 - Revision : 15 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt RuleID : 16471 - Revision : 16 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt RuleID : 16470 - Revision : 16 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel DbOrParamQry.fOdbcConn parsing remote code execution a... RuleID : 16469 - Revision : 17 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access... RuleID : 16468 - Revision : 16 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access... RuleID : 16467 - Revision : 16 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel uninitialized stack variable code execution attempt RuleID : 16466 - Revision : 15 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel ContinueFRT12 and MDXSet heap overflow attempt RuleID : 16465 - Revision : 17 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel ContinueFRT12 heap overflow attempt RuleID : 16464 - Revision : 17 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel BIFF5 formulas from records parsing code execution att... RuleID : 16463 - Revision : 15 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel BIFF8 formulas from records parsing code execution att... RuleID : 16462 - Revision : 15 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel EntExU2 write access violation attempt RuleID : 16461 - Revision : 22 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-10-20 | Name : An application installed on the remote Mac OS X host is affected by multiple ... File : macosx_ms10-017.nasl - Type : ACT_GATHER_INFO |
2010-03-09 | Name : Arbitrary code can be executed on the remote host through Microsoft Office Ex... File : smb_nt_ms10-017.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-04-24 21:21:58 |
|
2014-02-17 11:46:29 |
|
2014-01-19 21:30:26 |
|