Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0081Use of Uninitialized Resource in Microsoft Excel

CWE-908Use of Uninitialized Resource5 documents5 sources
Severity
9.8CRITICALNVD
CNA7.5VulnCheck7.5
EPSS
81.8%
top 0.81%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Microsoft ExcelMicrosoft Excel ViewerMicrosoft Office
Timeline
PublishedJan 16
Latest updateMay 1

Description

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDmicrosoft/excel2000, 2002, 2003+2

Patches

Patch: www.microsoft.comPatch: www.securityfocus.comPatch: docs.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-h6j8-g36h-j99v: Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to2022-05-01
CVEList
CVE-2008-0081: Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to2008-01-16
VulnCheck
Microsoft Excel Use of Uninitialized Resource2008

💥Exploits & PoCs

1
Exploit-DB
Microsoft Excel - Code Execution (MS08-014)2008-03-21
CVE-2008-0081 — Use of Uninitialized Resource | cvebase