CVE-2008-3005

Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/30639
http://secunia.com/advisories/31454	Vendor Advisory
http://www.securitytracker.com/id?1020671
http://marc.info/?l=bugtraq&m=121915960406986&w=2
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=741
http://www.us-cert.gov/cas/techalerts/TA08-225A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/2347	Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5837
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:office:2000:sp3::::::
	cpe:2.3:a:microsoft:office:xp:sp3::::::

Configuration 2 (hide)

OR	cpe:2.3:a:microsoft:office:2004::mac:::::
	cpe:2.3:a:microsoft:office:2008::mac:::::

Information

Published : 2008-08-12 16:41

Updated : 2018-10-30 09:26

NVD link : CVE-2008-3005

Mitre link : CVE-2008-3005

JSON object : View

CWE

CWE-20

Improper Input Validation

Advertisement

Products Affected

microsoft

office

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/30639", "name": "30639", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/31454", "name": "31454", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securitytracker.com/id?1020671", "name": "1020671", "tags": [], "refsource": "SECTRACK"}, {"url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2", "name": "HPSBST02360", "tags": [], "refsource": "HP"}, {"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=741", "name": "20080812 Microsoft Excel FORMAT Record Invalid Array Index Vulnerability", "tags": [], "refsource": "IDEFENSE"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html", "name": "TA08-225A", "tags": ["US Government Resource"], "refsource": "CERT"}, {"url": "http://www.vupen.com/english/advisories/2008/2347", "name": "ADV-2008-2347", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5837", "name": "oval:org.mitre.oval:def:5837", "tags": [], "refsource": "OVAL"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043", "name": "MS08-043", "tags": [], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the \"Excel Index Array Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-3005", "ASSIGNER": "secure@microsoft.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2008-08-12T23:41Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-30T16:26Z"}