| Vulnerability Name: | CVE-2008-3005 (CCN-44090) | ||||||||
| Assigned: | 2008-08-12 | ||||||||
| Published: | 2008-08-12 | ||||||||
| Updated: | 2018-10-30 | ||||||||
| Summary: | Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability." | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-20 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-3005 Source: IDEFENSE Type: UNKNOWN 20080812 Microsoft Excel FORMAT Record Invalid Array Index Vulnerability Source: HP Type: UNKNOWN HPSBST02360 Source: CCN Type: SA31454 Microsoft Office Excel Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 31454 Source: CCN Type: SECTRACK ID: 1020671 Microsoft Excel Input Validation Bug in Processing Array Index Values Lets Remote Users Execute Arbitrary Code Source: CCN Type: Microsoft Security Bulletin MS08-043 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066) Source: CCN Type: Microsoft Security Bulletin MS08-057 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416) Source: CCN Type: Microsoft Security Bulletin MS09-021 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462) Source: CCN Type: Microsoft Security Bulletin MS09-067 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652) Source: CCN Type: Microsoft Security Bulletin MS10-017 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150) Source: CCN Type: Microsoft Security Bulletin MS10-038 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452) Source: CCN Type: Microsoft Security Bulletin MS10-057 Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707) Source: BID Type: UNKNOWN 30639 Source: CCN Type: BID-30639 Microsoft Excel Index Array Remote Code Execution Vulnerability Source: SECTRACK Type: UNKNOWN 1020671 Source: CERT Type: US Government Resource TA08-225A Source: VUPEN Type: Vendor Advisory ADV-2008-2347 Source: MS Type: UNKNOWN MS08-043 Source: XF Type: UNKNOWN excel-index-array-code-execution(44090) Source: CCN Type: iDefense Labs PUBLIC ADVISORY: 08.12.08 Microsoft Excel FORMAT Record Invalid Array Index Vulnerability Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:5837 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||