Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3005

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-3005
Last Modified 27 Sep 2011 12:00:00
Published 12 Aug 2008 07:41:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3005

Summary

Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."

Vulnerable Systems

Application

  • Microsoft Office 2000

  • Microsoft Office 2002

  • Microsoft Office 2004

  • Microsoft Office 2008


References

CERT - TA08-225A

MS - MS08-043

VUPEN - ADV-2008-2347

SECTRACK - 1020671

BID - 30639

SECUNIA - 31454

HP - SSRT080117

IDEFENSE - 20080812 Microsoft Excel FORMAT Record Invalid Array Index Vulnerability

HP - HPSBST02360

Related Patches

MS08-043 954066 956344 Microsoft Office 2008 for Mac Update 12.1.2

MS08-043 954066 MS08-051 949785 956343 Microsoft Office 2004 for Mac Update 11.5.1 (Rev 2)


Last Updated: 27 May 2016 10:49:56