Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0031 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Excel

4 documents4 sources

Severity

9.3CRITICALNVD

EPSS

74.9%

top 1.13%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Excel Microsoft Excel Viewer Microsoft Office +1 more

Timeline

PublishedJan 9

Latest updateMay 1

Description

Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDmicrosoft/excel2000, 2002, 2003+2

▶NVDmicrosoft/excel_viewer2003

▶NVDmicrosoft/works2004, 2005+1

▶NVDmicrosoft/office5 versions+4

Patches

Patch: labs.idefense.com ↗Patch: labs.idefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-prmm-m9wr-jpgj: Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v↗2022-05-01

▶

CVEList

CVE-2007-0031: Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v↗2007-01-09

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Excel - Malformed Palette Record Denial of Service (PoC) (MS07-002)↗2007-01-25

▶