CVE-2008-4266

Severity

93%

Complexity

86%

Confidentiality

165%

http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx Excel Global Array Memory Corruption Vulnerability - CVE-2008-4266 A remote code execution vulnerability exists in Microsoft Office Excel as a result of stack corruption when loading Excel records. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Excel spreadsheet with a NAME record that contains an invalid index value, which triggers stack corruption, aka "Excel Global Array Memory Corruption Vulnerability."

http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx Excel Global Array Memory Corruption Vulnerability - CVE-2008-4266 A remote code execution vulnerability exists in Microsoft Office Excel as a result of stack corruption when loading Excel records. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

Microsoft

First reported 16 years ago

2008-12-10 14:00:00

Last updated 6 years ago

2018-10-12 21:48:00

Affected Software

Microsoft Excel 2000 Service Pack 3

2000

Microsoft Office Excel 2002 Service Pack 3

2002

Microsoft Office Excel 2003 Service Pack 3

2003

Microsoft Excel Viewer 2003

2003

Microsoft Office 2004 Mac

2004

Microsoft Office 2008 Mac

2008

Microsoft Open XML File Format Converter for Mac

References

http://secunia.com/secunia_research/2008-36/

Vendor Advisory

20081209 Secunia Research: Microsoft Excel NAME Record Array Indexing Vulnerability

1021368

TA08-344A

US Government Resource

ADV-2008-3386

Vendor Advisory

MS08-074

oval:org.mitre.oval:def:5808

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.