| Vulnerability Name: | CVE-2008-3004 (CCN-44089) | ||||||||
| Assigned: | 2008-08-12 | ||||||||
| Published: | 2008-08-12 | ||||||||
| Updated: | 2018-10-30 | ||||||||
| Summary: | Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Indexing Validation Vulnerability." | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-20 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-3004 Source: IDEFENSE Type: UNKNOWN 20080812 Microsoft Excel Chart AxesSet Invalid Array Index Vulnerability Source: HP Type: UNKNOWN HPSBST02360 Source: CCN Type: SA31454 Microsoft Office Excel Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 31454 Source: CCN Type: SECTRACK ID: 1020670 Microsoft Excel Input Validation Bug in Processing Index Values Lets Remote Users Execute Arbitrary Code Source: CCN Type: Microsoft Security Bulletin MS08-043 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066) Source: CCN Type: Microsoft Security Bulletin MS08-057 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416) Source: CCN Type: Microsoft Security Bulletin MS09-021 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462) Source: CCN Type: Microsoft Security Bulletin MS09-067 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652) Source: CCN Type: Microsoft Security Bulletin MS10-017 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150) Source: CCN Type: Microsoft Security Bulletin MS10-038 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452) Source: CCN Type: Microsoft Security Bulletin MS10-057 Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707) Source: BID Type: UNKNOWN 30638 Source: CCN Type: BID-30638 Microsoft Excel Indexing Validation Remote Code Execution Vulnerability Source: SECTRACK Type: UNKNOWN 1020670 Source: CERT Type: US Government Resource TA08-225A Source: VUPEN Type: Vendor Advisory ADV-2008-2347 Source: MS Type: UNKNOWN MS08-043 Source: XF Type: UNKNOWN excel-index-code-execution(44089) Source: CCN Type: iDefense Labs PUBLIC ADVISORY: 08.12.08 Microsoft Excel Chart AxesSet Invalid Array Index Vulnerability Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:5885 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||