CVE Vulnerability

CVE-2008-3005

Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."

9.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.securityfocus.com/bid/30639
http://secunia.com/advisories/31454 Vendor Advisory
http://www.securitytracker.com/id?1020671
http://marc.info/?l=bugtraq&m=121915960406986&w=2
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=741
http://www.us-cert.gov/cas/techalerts/TA08-225A.html US Government Resource
http://www.vupen.com/english/advisories/2008/2347 Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5837
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043
Configurations

Configuration 1

cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
Information

Published : 2008-08-12 11:41

Updated : 2018-10-30 04:26

NVD link : CVE-2008-3005

Mitre link : CVE-2008-3005

Products Affected
No products.
CWE
CWE-20