| Vulnerability Name: | CVE-2010-0261 (CCN-56466) | ||||||||
| Assigned: | 2010-03-09 | ||||||||
| Published: | 2010-03-09 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability." | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-119 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2010-0261 Source: IDEFENSE Type: UNKNOWN 20100309 Microsoft Excel MDXSET Record Heap Overflow Vulnerability Source: CCN Type: SA38805 Microsoft Office Excel Multiple Vulnerabilities Source: CCN Type: SECTRACK ID: 1023698 Microsoft Office Excel Bugs Let Remote Users Execute Arbitrary Code Source: CCN Type: Microsoft Security Bulletin MS10-017 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150) Source: CCN Type: Microsoft Security Bulletin MS10-038 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452) Source: CCN Type: Microsoft Security Bulletin MS10-057 Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707) Source: CCN Type: BID-38552 Microsoft Excel MDXSET Record Remote Heap Buffer Overflow Vulnerability Source: SECTRACK Type: UNKNOWN 1023698 Source: CERT Type: US Government Resource TA10-068A Source: MS Type: UNKNOWN MS10-017 Source: XF Type: UNKNOWN excel-mdxset-bo(56466) Source: CCN Type: iDefense Labs Public Advisory: 03.09.10 Microsoft Excel MDXSET Record Heap Overflow Vulnerability Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:8479 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||