Vulnerability Name:

CCN-14130

Published:2003-12-03
Updated:2003-12-03
Summary:Microsoft Excel could allow a local attacker to bypass the 'Hidden Cells' and 'Locked Cells' features. The 'Hidden Cells' and 'Locked Cells' features are used with the 'Protect Sheet' feature to hide or lock a cell to prevent viewing and modification by other users. A local attacker could bypass these features to unhide or unlock cells to view or modify the cells in the vulnerable Excel document.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: SECTRACK ID: 1008586
Microsoft Office Security Features Can Be Bypassed

Source: CCN
Type: Microsoft Knowledge Base Article - 822924
Overview of Office Features That Are Intended to Enable Collaboration and That Are Not Intended to Increase Security

Source: XF
Type: UNKNOWN
excel-hidden-locked-bypass(14130)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:microsoft:excel:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft excel *