Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 2007 SP1 and SP2 do not validate ZIP headers during decompression of Open XML (.XLSX) documents, which allows remote attackers to execute arbitrary code via a crafted document that triggers access to uninitialized memory locations, aka "Microsoft Office Excel XLSX File Parsing Code Execution Vulnerability."
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2010-03-10 14:30
Updated : 2018-10-12 14:56
NVD link : CVE-2010-0263
Mitre link : CVE-2010-0263
JSON object : View
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')
Products Affected
microsoft
- office_excel_viewer
- excel
- office_compatibility_pack
- office
- open_xml_file_format_converter
- office_sharepoint_server