Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3003

Overview

Vulnerability Score 6.6 6.6
CVE Id CVE-2008-3003
Last Modified 07 Mar 2011 12:00:00
Published 12 Aug 2008 07:41:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-3003

Summary

Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."

Vulnerable Systems

Application

  • Microsoft Office 2007


References

CERT - TA08-225A

MS - MS08-043

VUPEN - ADV-2008-2347

SECTRACK - 1020669

BID - 30641

SECUNIA - 31454

HP - HPSBST02360

HP - SSRT080117

Related Patches

MS08-043 954066 956344 Microsoft Office 2008 for Mac Update 12.1.2

MS08-043 954066 MS08-051 949785 956343 Microsoft Office 2004 for Mac Update 11.5.1 (Rev 2)


Last Updated: 27 May 2016 10:49:54