Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3477

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-3477
Last Modified 07 Mar 2011 10:10:52
Published 14 Oct 2008 08:12:15
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3477

Summary

Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."

Vulnerable Systems

Application

  • Microsoft Internet Explorer 5.01

  • Microsoft Internet Explorer 6

  • Microsoft Internet Explorer 7


References

CERT - TA08-288A

BID - 31702

MS - MS08-057

SECUNIA - 32211

XF - win-ms08kb956416-update(45581)

XF - excel-calendar-code-execution(45566)

VUPEN - ADV-2008-2808

SECTRACK - 1021044

HP - SSRT080143

IDEFENSE - 20081014 Microsoft Visual Basic for Applications - Multiple Vulnerabilities

HP - HPSBST02379

Related Patches

MS08-057 956416 958312 Microsoft Office 2004 for Mac Update 11.5.2 (Rev 3)

MS08-057 956416 958267 Microsoft Office 2008 for Mac Update 12.1.3


Last Updated: 27 May 2016 10:49:56