CVE-2007-1756 — Microsoft Excel vulnerability

4 documents4 sources

Severity

9.3CRITICALNVD

EPSS

68.0%

top 1.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Excel Microsoft Excel Viewer Microsoft Office

Timeline

PublishedJul 10

Latest updateMay 1

Description

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDmicrosoft/excel_viewer2003

▶NVDmicrosoft/excel4 versions+3

▶NVDmicrosoft/office4 versions+3

🔴Vulnerability Details

GHSA

GHSA-hm8p-c9vr-f39h: Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-ass↗2022-05-01

▶

CVEList

CVE-2007-1756: Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-ass↗2007-07-10

▶

💬Community

Bugzilla

CVE-2007-2875 cpuset information leak↗2007-06-26

▶