CVE-2007-0027 — Out-of-bounds Write in Microsoft Excel

3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

64.4%

top 1.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Excel Microsoft Excel Viewer Microsoft Office +1 more

Timeline

PublishedJan 9

Latest updateMay 1

Description

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDmicrosoft/excel2000, 2002, 2003+2

▶NVDmicrosoft/excel_viewer2003

▶NVDmicrosoft/works2004, 2005+1

▶NVDmicrosoft/office5 versions+4

Patches

Patch: securitytracker.com ↗Patch: www.securityfocus.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-h2pf-m63g-fhqc: Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v↗2022-05-01

▶

CVEList

CVE-2007-0027: Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v↗2007-01-09

▶