CVE-2007-3490

Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.milw0rm.com/sploits/06272007-2670.zip	Exploit
http://pstgroup.blogspot.com/2007/06/exploitmicrosoft-excel-20002003-sheet.html
http://www.securityfocus.com/bid/24691
http://www.securitytracker.com/id?1018321
http://osvdb.org/38954
https://exchange.xforce.ibmcloud.com/vulnerabilities/35132
https://www.exploit-db.com/exploits/4121

Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:excel:2003:sp2:*:*:*:*:*:*

Information

Published : 2007-06-29 11:30

Updated : 2017-09-28 18:29

NVD link : CVE-2007-3490

Mitre link : CVE-2007-3490

JSON object : View

CWE

NVD-CWE-Other

Products Affected

microsoft

excel

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.milw0rm.com/sploits/06272007-2670.zip", "name": "http://www.milw0rm.com/sploits/06272007-2670.zip", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://pstgroup.blogspot.com/2007/06/exploitmicrosoft-excel-20002003-sheet.html", "name": "http://pstgroup.blogspot.com/2007/06/exploitmicrosoft-excel-20002003-sheet.html", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/24691", "name": "24691", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1018321", "name": "1018321", "tags": [], "refsource": "SECTRACK"}, {"url": "http://osvdb.org/38954", "name": "38954", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35132", "name": "excel-sheet-name-bo(35132)", "tags": [], "refsource": "XF"}, {"url": "https://www.exploit-db.com/exploits/4121", "name": "4121", "tags": [], "refsource": "EXPLOIT-DB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-3490", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2007-06-29T18:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:excel:2003:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-09-29T01:29Z"}

7.5 /10