CVE-2007-0030 — Microsoft Excel vulnerability

4 documents4 sources

Severity

9.3CRITICALNVD

EPSS

58.4%

top 1.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Excel Microsoft Excel Viewer Microsoft Office +1 more

Timeline

PublishedJan 9

Latest updateMay 1

Description

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDmicrosoft/excel2000, 2002, 2003+2

▶NVDmicrosoft/excel_viewer2003

▶NVDmicrosoft/works2004, 2005+1

▶NVDmicrosoft/office5 versions+4

Patches

Patch: labs.idefense.com ↗Patch: labs.idefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-h2w5-9m4x-7rxf: Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v↗2022-05-01

▶

CVEList

CVE-2007-0030: Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v↗2007-01-09

▶

💥Exploits & PoCs

Exploit-DB

Apple Mac OSX 10.4.8 (8L2127) - 'crashdump' Local Privilege Escalation↗2007-01-29

▶