Vulnerability Name: CVE-2008-4019 (CCN-45580) Assigned: 2008-10-14 Published: 2008-10-14 Updated: 2022-02-09 Summary: Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerability." CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C )6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C )6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-190 Vulnerability Consequences: Gain Access References: Source: MITRE Type: CNACVE-2008-4019 Source: HP Type: Issue Tracking, Mailing List, Third Party AdvisorySSRT080143 Source: CCN Type: SA32211Microsoft Excel Multiple Vulnerabilities Source: SECUNIA Type: Patch, Vendor Advisory32211 Source: CCN Type: SECTRACK ID: 1021044Microsoft Excel Object, Calendar, and Formula Bugs Let Remote Users Execute Arbitrary Code Source: CCN Type: ASA-2008-410MS08-057 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416) Source: CCN Type: Microsoft Security Bulletin MS11-096Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241) Source: CCN Type: Microsoft Security Bulletin MS12-028Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2639185) Source: CCN Type: Microsoft Security Bulletin MS12-029Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352) Source: CCN Type: Microsoft Security Bulletin MS12-057Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2731879) Source: CCN Type: Microsoft Security Bulletin MS12-064Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319) Source: CCN Type: Microsoft Security Bulletin MS12-065Vulnerability in Microsoft Works Could Allow Remote Code Execution (KB2754670) Source: CCN Type: Microsoft Security Bulletin MS12-079Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642) Source: CCN Type: Microsoft Security Bulletin MS13-043Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399) Source: CCN Type: Microsoft Security Bulletin MS13-072Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537) Source: CCN Type: Microsoft Security Bulletin MS13-085Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080) Source: CCN Type: Microsoft Security Bulletin MS13-086Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084) Source: CCN Type: Microsoft Security Bulletin MS14-001Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605) Source: CCN Type: Microsoft Security Bulletin MS14-017Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660) Source: CCN Type: Microsoft Security Bulletin MS14-034Vulnerability in Microsoft Word Could Allow Remote Code Execution (2969261) Source: CCN Type: Microsoft Security Bulletin MS14-061Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434) Source: CCN Type: Microsoft Security Bulletin MS14-069Vulnerability in Microsoft Office Could Allow Remote Code Execution (3009710) Source: CCN Type: Microsoft Security Bulletin MS14-081Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3017301) Source: CCN Type: Microsoft Security Bulletin MS14-083Vulnerabilities in MicrosoftExcel Could Allow Remote Code Execution (3017347) Source: CCN Type: Microsoft Security Bulletin MS15-081Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790) Source: CCN Type: Microsoft Security Bulletin MS15-099Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664) Source: CCN Type: Microsoft Security Bulletin MS15-110Security Updates for Microsoft Office (3096440) Source: CCN Type: Microsoft Security Bulletin MS15-116Security Updates for Microsoft Office to Address Remote Code Execution (3104540) Source: CCN Type: Microsoft Security Bulletin MS15-131Security Update for Microsoft Office to Address Remote Code Execution (3116111) Source: CCN Type: Microsoft Security Bulletin MS16-004Security Update for Microsoft Office to Address Remote Code Execution - Critical (3124585) Source: CCN Type: Microsoft Security Bulletin MS16-015Security Update for Microsoft Office to Address Remote Code Execution (3134226) Source: CCN Type: Microsoft Security Bulletin MS16-029Security Update for Microsoft Office to Address Remote Code Execution (3141806) Source: CCN Type: Microsoft Security Bulletin MS16-042Security Update for Microsoft Office (3148775) Source: CCN Type: Microsoft Security Bulletin MS16-054Security Update for Microsoft Office (3155544) Source: CCN Type: Microsoft Security Bulletin MS16-070Security Update for Office (3163610) Source: CCN Type: Microsoft Security Bulletin MS16-088Security Updates for Office (3170008) Source: CCN Type: Microsoft Security Bulletin MS16-099Security Update for Office (3177451) Source: CCN Type: Microsoft Security Bulletin MS16-107Security Update for Microsoft Office (3185852) Source: CCN Type: Microsoft Security Bulletin MS16-121Security Update for Microsoft Office (3194063) Source: CCN Type: Microsoft Security Bulletin MS16-133Security Update for Microsoft Office (3199168) Source: CCN Type: Microsoft Security Bulletin MS16-148Security Update for Microsoft Office (3204068) Source: CCN Type: Microsoft Security Bulletin MS17-002Security Update for Microsoft Office (3214291) Source: CCN Type: Microsoft Security Bulletin MS17-013Security Update for Microsoft Graphics Component (4013075) Source: CCN Type: Microsoft Security Bulletin MS17-014Security Update for Microsoft Office (4013241) Source: CCN Type: Microsoft Security Bulletin MS08-057Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416) Source: CCN Type: Microsoft Security Bulletin MS08-072Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) Source: CCN Type: Microsoft Security Bulletin MS08-074Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) Source: CCN Type: Microsoft Security Bulletin MS09-009Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) Source: CCN Type: Microsoft Security Bulletin MS09-017Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340) Source: CCN Type: Microsoft Security Bulletin MS09-021Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462) Source: CCN Type: Microsoft Security Bulletin MS09-024Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632) Source: CCN Type: Microsoft Security Bulletin MS09-027Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514) Source: CCN Type: Microsoft Security Bulletin MS09-067Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652) Source: CCN Type: Microsoft Security Bulletin MS09-068Vulnerability in Microsoft Office Word Allows Remote Code Execution (976307) Source: CCN Type: Microsoft Security Bulletin MS09-073Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539) Source: CCN Type: Microsoft Security Bulletin MS10-004Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416) Source: CCN Type: Microsoft Security Bulletin MS10-017Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150) Source: CCN Type: Microsoft Security Bulletin MS10-036Vulnerabilities in COM validation in Microsoft Office Could Allow Remote Code Execution (983235 Source: CCN Type: Microsoft Security Bulletin MS10-038Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452) Source: CCN Type: Microsoft Security Bulletin MS10-056Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638) Source: CCN Type: Microsoft Security Bulletin MS10-057Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707) Source: CCN Type: Microsoft Security Bulletin MS10-079Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194) Source: CCN Type: Microsoft Security Bulletin MS10-087Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930) Source: CCN Type: Microsoft Security Bulletin MS10-105Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095) Source: CCN Type: Microsoft Security Bulletin MS11-021Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279) Source: CCN Type: Microsoft Security Bulletin MS11-023Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293) Source: CCN Type: Microsoft Security Bulletin MS11-045Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146) Source: CCN Type: Microsoft Security Bulletin MS11-072Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505) Source: BID Type: Patch, Third Party Advisory, VDB Entry31706 Source: CCN Type: BID-31706Microsoft Excel Formula Parsing Remote Code Execution Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry1021044 Source: CERT Type: Third Party Advisory, US Government ResourceTA08-288A Source: VUPEN Type: Third Party AdvisoryADV-2008-2808 Source: MS Type: Patch, Vendor AdvisoryMS08-057 Source: XF Type: Third Party Advisory, VDB Entryexcel-rept-code-execution(45580) Source: XF Type: UNKNOWNexcel-rept-code-execution(45580) Source: XF Type: Third Party Advisory, VDB Entrywin-ms08kb956416-update(45581) Source: OVAL Type: Third Party Advisoryoval:org.mitre.oval:def:6102 Source: CCN Type: ZDI-08-099Microsoft Office Excel REPT Formula Parsing Remote Code Execution Vulnerability Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:excel:2003:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:excel:2003:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:excel:2007:-:*:*:*:*:*:* OR cpe:/a:microsoft:excel:2007:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:excel_viewer:-:*:*:*:*:*:*:* OR cpe:/a:microsoft:excel_viewer:2003:-:*:*:*:*:*:* OR cpe:/a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:office:2004:*:*:*:*:macos:*:* OR cpe:/a:microsoft:office:2008:*:*:*:*:macos:*:* OR cpe:/a:microsoft:office_compatibility_pack:2007:-:*:*:*:*:*:* OR cpe:/a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:open_xml_file_format_converter:-:*:*:*:*:macos:*:* OR cpe:/a:microsoft:sharepoint_server:2007:*:*:*:*:*:x64:* OR cpe:/a:microsoft:sharepoint_server:2007:-:*:*:*:*:*:* OR cpe:/a:microsoft:sharepoint_server:2007:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:sharepoint_server:2007:sp1:*:*:*:*:x64:* Configuration CCN 1 :cpe:/a:microsoft:excel_viewer:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:excel:2007:*:*:*:*:*:*:* OR cpe:/a:microsoft:office_compatibility_pack:2007:*:*:*:*:*:*:* OR cpe:/a:microsoft:sharepoint_server:2007:*:*:*:*:*:*:* OR cpe:/a:microsoft:excel:2000:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:excel:2002:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:excel:2003:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:excel_viewer:*:*:*:*:*:*:*:* OR cpe:/a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:excel:2007:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:excel:2003:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:sharepoint_server:2007:sp1:x64:*:*:*:*:* OR cpe:/a:microsoft:sharepoint_server:2007:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:sharepoint_server:2007:sp1:x64:*:*:*:*:* OR cpe:/a:microsoft:office:2004::~~~mac_os~~:*:*:*:*:* Denotes that component is vulnerable Oval Definitions BACK
microsoft excel 2003 sp2
microsoft excel 2003 sp3
microsoft excel 2007 -
microsoft excel 2007 sp1
microsoft excel viewer -
microsoft excel viewer 2003 -
microsoft excel viewer 2003 sp3
microsoft office 2004
microsoft office 2008
microsoft office compatibility pack 2007 -
microsoft office compatibility pack 2007 sp1
microsoft open xml file format converter -
microsoft sharepoint server 2007
microsoft sharepoint server 2007 -
microsoft sharepoint server 2007 sp1
microsoft sharepoint server 2007 sp1
microsoft excel viewer 2003
microsoft excel 2007
microsoft office compatibility pack 2007
microsoft sharepoint server 2007
microsoft excel 2000 sp3
microsoft excel 2002 sp3
microsoft excel 2003 sp2
microsoft excel viewer 2003 sp3
microsoft excel viewer *
microsoft office compatibility pack 2007 sp1
microsoft excel 2007 sp1
microsoft excel 2003 sp3
microsoft sharepoint server 2007 sp1
microsoft sharepoint server 2007 sp1
microsoft sharepoint server 2007 sp1
microsoft office 2004