Excel Parsing Vulnerability in Microsoft Office Products
CVE-2010-0258

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Open Xml File Format Converter
Office
Office Excel Viewer
Office Sharepoint Server
Vendor
CVE Published:
10 March 2010

Summary

Multiple versions of Microsoft Office Excel are susceptible to an object type confusion vulnerability that arises from improper parsing of Excel file formats. This flaw can be exploited by malicious attackers, allowing them to craft specifically tailored spreadsheets that, when opened, may cause the software to misinterpret memory objects. Consequently, this could enable the execution of arbitrary code on the victim's machine, highlighting significant risks particularly for users with outdated versions of Office.

References

http://labs.idefense.com/intelligence/vulnerabilities/dis...
third-party-advisoryx_refsource_IDEFENSE
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS

EPSS Score

71% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.